The Protection Process

Protection process includes the processes associated with deterrence, prevention, detection, reaction, and adaption as well as the protection based on data state (at rest, in motion, and in use). and encompasses protective mechanisms which it controls. Process involves some sort of work flow whether formally defined or not, and this work flow determines approval processes, controls separation mechanisms, and induces time delays.

It operates in light of external forces like life cycles and context to implement the process elements of the technical security architecture.

  • Deter: Deterrence is undertaken by top management and involves a variety of efforts ranging from public relations campaigns to selection of building appearances and locations. This is predominantly a perception management effort aimed at attackers mental processes.

  • Prevent: Prevention methods are typified by the classic separations mechanisms associated with computer security. It tends to use high surety mechanisms and is highly effective at reducing vulnerabilities if properly applied. Prevention is entirely proactive which is to say its failures tend to be brittle.

  • Detect: Detection is directed at identifying event sequences with potentially serious negative consequences in time to mitigate those consequences to the desired degree.

  • React: Reaction is tied to detection in that the reaction is the activity that mitigates the potentially serious negative consequences that detection is intended to detect.

  • Adapt: Adaptation is the long-term process that changes the overall protection posture of an enterprise to reflect changes in the environment over time.

All protection is formed from combinations of these process elements and the selection of how to mix them is critical to the effectiveness and costliness of protection.

In addition, protection process involves the different states of data - at rest, in motion, and in use.

  • Data at rest: Data at rest is in storage somewhere, in paper, on fiche, on tapes, on disks, and so forth. At rest, data must be properly protected to retain its value and protect it from theft, destruction, corruption,and so forth.

  • Data in use: Data in use is typically being read by people or systems, analyzed for a particular purpose, perhaps controlling the execution of physical functions such as temperature control, and so forth. Even in use, data must be protected against misuse, alteration, destruction, or the consequences associated with its use or misuse.

  • Data in motion: Whenever data travels, weather over a local area network, in a mobile computing device, or over the Internet, it must be protected by suitable means to the risk while still meeting the business requirement of transport.

For more details and in-depth coverage of these issues, buy the Governance Guidebook.

This was last published in January 2006

Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments