The Protection Process

It operates in light of external forces like life cycles and context to implement the process elements of the technical security architecture.

• Deter: Deterrence is undertaken by top management and involves a variety of efforts ranging from public relations campaigns to selection of building appearances and locations. This is predominantly a perception management effort aimed at attackers mental processes.

• Prevent: Prevention methods are typified by the classic separations mechanisms associated with computer security. It tends to use high surety mechanisms and is highly effective at reducing vulnerabilities if properly applied. Prevention is entirely proactive which is to say its failures tend to be brittle.

• Detect: Detection is directed at identifying event sequences with potentially serious negative consequences in time to mitigate those consequences to the desired degree.

• React: Reaction is tied to detection in that the reaction is the activity that mitigates the potentially serious negative consequences that detection is intended to detect.

• Adapt: Adaptation is the long-term process that changes the overall protection posture of an enterprise to reflect changes in the environment over time.

All protection is formed from combinations of these process elements and the selection of how to mix them is critical to the effectiveness and costliness of protection.

In addition, protection process involves the different states of data - at rest, in motion, and in use.

• Data at rest: Data at rest is in storage somewhere, in paper, on fiche, on tapes, on disks, and so forth. At rest, data must be properly protected to retain its value and protect it from theft, destruction, corruption,and so forth.

• Data in use: Data in use is typically being read by people or systems, analyzed for a particular purpose, perhaps controlling the execution of physical functions such as temperature control, and so forth. Even in use, data must be protected against misuse, alteration, destruction, or the consequences associated with its use or misuse.

• Data in motion: Whenever data travels, weather over a local area network, in a mobile computing device, or over the Internet, it must be protected by suitable means to the risk while still meeting the business requirement of transport.

For more details and in-depth coverage of these issues, buy the Governance Guidebook.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary