The Protection Process
Protection process includes the processes associated
with deterrence, prevention, detection, reaction,
and adaption as well as the protection based on data state (at rest, in
motion, and in use). and encompasses protective mechanisms which it
controls. Process involves some sort of workflow whether formally defined or not, and this work flow
determines approval processes, controls separation mechanisms, and
induces time delays.
Process interacts with some sort of inventory whether formally defined or not, and this inventory
affects the granularity and completeness of the processes.
"Metadata" forms basis for control of and trust
in records and their reliability and authenticity during operation and
It operates in light of external forces like life
cycles and context to implement the process elements of the technical
Deter: Deterrence is undertaken by top
management and involves a variety of efforts ranging from public
relations campaigns to selection of building appearances and locations.
This is predominantly a perception management effort aimed at
attackers mental processes.
Interdict: Interdiction is an
intelligence-based method which prevents
threats from reaching the entity. It typically takes place "out
there", external to the entity, preventing the attacker from reaching
the entity or its targets that indirectly effect the entity.
Prevent: Prevention methods are typified
by the classic separations mechanisms associated with computer security.
It tends to use high surety mechanisms and is highly effective at
reducing vulnerabilities if properly applied. Prevention is entirely
proactive which is to say its failures tend to be brittle.
Detect: Detection is directed at
identifying event sequences with potentially serious negative
consequences in time to mitigate those consequences to the desired
React: Reaction is tied to detection in
that the reaction is the activity that mitigates the potentially serious
negative consequences that detection is intended to detect.
Adapt: Adaptation is the long-term process
that changes the overall protection posture of an enterprise to reflect
changes in the environment over time.
All protection is formed from combinations of these
process elements and the selection of how to mix them is critical to
the effectiveness and costliness of protection.
In addition, protection process involves the different
states of data - at rest, in motion, and in use.
Data at rest: Data at rest is in storage
somewhere, in paper, on fiche, on tapes, on disks, and so forth. At
rest, data must be properly protected to retain its value and protect it
from theft, destruction, corruption,and so forth.
Data in use: Data in use is typically
being read by people or systems, analyzed for a particular purpose,
perhaps controlling the execution of physical functions such as
temperature control, and so forth. Even in use, data must be protected
against misuse, alteration, destruction, or the consequences associated
with its use or misuse.
Data in motion: Whenever data travels,
weather over a local area network, in a mobile computing device, or over
the Internet, it must be protected by suitable means to the risk while
still meeting the business requirement of transport.