This shows you the differences between two versions of the page.
dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use [2022/04/12 17:49] nick |
dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use [2022/05/27 20:00] (current) nick grammar |
||
---|---|---|---|
Line 24: | Line 24: | ||
[[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]] | [[dido:public:ra:1.2_views:3_taxonomic:4_data_tax:02_state_taxonomy:data_in_use | Return to Top]] | ||
- | Given that Data-In-Use is directly accessible by one or more users, data in this state is vulnerable to attacks and exploits. Additionally, security risks become greater as the permissions and devices increase. Oftentimes, Data-In-Use can contain digital certificates, [[dido:public:ra:xapend:xapend.a_glossary:e:encryption]] keys, and [[dido:public:ra:xapend:xapend.a_glossary:i:intelp]], which make it crucial for businesses to monitor data in this state. Common practices for protecting Data-In-Use are defined under [[dido:public:ra:1.4_req:2_nonfunc:25_security |Securability ]] and include: | + | Given that Data-In-Use is directly accessible by one or more users, data in this state is vulnerable to attacks and exploits. Additionally, security risks become greater as permissions and devices increase. Oftentimes, Data-In-Use can contain digital certificates, [[dido:public:ra:xapend:xapend.a_glossary:e:encryption]] keys, and [[dido:public:ra:xapend:xapend.a_glossary:i:intelp]], which make it crucial for businesses to monitor data in this state. Common practices for protecting Data-In-Use are defined under [[dido:public:ra:1.4_req:2_nonfunc:25_security |Securability ]] and include: |
^ Physical Security | <WRAP> | ^ Physical Security | <WRAP> | ||
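Review bot: The reworded clause "security risks become greater as permissions and devices increase" in the Line 24 paragraph still does not say what is increasing. Consider "as the number of permissions and devices with access increases" so the risk statement is unambiguous. The link label "|Securability ]]" in the same sentence also keeps a stray space before the closing brackets, which a grammar pass could clean up.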
Line 150: | Line 150: | ||
</WRAP>| | </WRAP>| | ||
^ Access Control | <WRAP> | ^ Access Control | <WRAP> | ||
- | [[dido:public:ra:xapend:xapend.a_glossary:a:accesscontrol]] defines a set of controls restricting access to resources based on the group membership, identity, clearance, physical & logical location and need-to-know. In other words, it provides the [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] for access to resources. Additionally, access includes method of permission to consume, enter, control, restrict, use and protect the resource to guarantee: Availability, Confidentiality, and Integrity. | + | [[dido:public:ra:xapend:xapend.a_glossary:a:accesscontrol]] defines a set of controls restricting access to resources based on the group membership, identity, clearance, physical & logical location, and need-to-know. In other words, it provides the [[dido:public:ra:xapend:xapend.a_glossary:a:authorization]] for access to resources. Additionally, access includes a method of permission to consume, enter, control, restrict, use and protect the resource to guarantee: Availability, Confidentiality, and Integrity. |
Some of the more traditional resources requiring **Access Control** are: | Some of the more traditional resources requiring **Access Control** are: | ||
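Review bot: The serial comma is applied inconsistently within the Access Control paragraph: it is added after "physical & logical location" but the next sentence still reads "restrict, use and protect". Suggest "restrict, use, and protect" to match, since the closing list "Availability, Confidentiality, and Integrity" already uses it. The phrase "access includes a method of permission to consume" also remains hard to parse and may be worth rewording in the same revision.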
Line 182: | Line 182: | ||
[[dido:public:ra:xapend:xapend.a_glossary:d:dataatrest]] or [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion]] because processing the **Data** generally requires processing a [[dido:public:ra:xapend:xapend.a_glossary:c:cryptographic_algorithm]] to [[dido:public:ra:xapend:xapend.a_glossary:d:decryption | decrypt]] the **Data**. The use of [[dido:public:ra:xapend:xapend.a_glossary:p:protection_ring | Protection Rings]] can help, but at each level there is still a need to identify and authenticate the request. | [[dido:public:ra:xapend:xapend.a_glossary:d:dataatrest]] or [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion]] because processing the **Data** generally requires processing a [[dido:public:ra:xapend:xapend.a_glossary:c:cryptographic_algorithm]] to [[dido:public:ra:xapend:xapend.a_glossary:d:decryption | decrypt]] the **Data**. The use of [[dido:public:ra:xapend:xapend.a_glossary:p:protection_ring | Protection Rings]] can help, but at each level there is still a need to identify and authenticate the request. | ||
- | The following are some of the ways to establish the Identity of an entity and to Authenticate the entity making the request. | + | The following are some of the ways to establish the identity of an entity and Authenticate the entity making the request. |
* [[dido:public:ra:xapend:xapend.a_glossary:i:identification]] | * [[dido:public:ra:xapend:xapend.a_glossary:i:identification]] |
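Review bot: Capitalisation is now inconsistent in the Line 182 sentence: "Identity" was lowercased but "Authenticate" is still capitalised mid-sentence in "establish the identity of an entity and Authenticate the entity making the request". Suggest lowercasing it to "authenticate", or keeping both capitalised if they are meant as defined terms matching the glossary entries listed below.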