Key Concepts 7.5 Applying resource protection Flashcards
Domain 7 (13 cards)
- Data loss or unauthorized access: Uncontrolled access to storage media like hard drives, USB drives, or tapes can lead to data breaches or accidental deletion.
- Media theft or physical damage: Physical loss or damage to media can result in data loss and potential downtime.
- Media failure: Failure of physical media used beyond its documented useful lifespan, generally expressed as mean time to failure (MTTF).
- Improper disposal: Disposing of media containing sensitive data without securely erasing or destroying it first can lead to data leaks.
Media Management security risk
- Environmental controls: Temperature and humidity should be maintained at levels appropriate to the media being managed.
- Media classification: Classify media based on sensitivity to identify resources requiring stricter controls.
- Inventory and tracking: Maintain an accurate inventory of all storage media and track their location and usage.
- Secure storage: Store sensitive data on encrypted media and in secure locations with restricted access. Media check-in/check-out should be documented.
- Disposal procedures: Implement secure disposal procedures for media reaching the end of its lifecycle, including data wiping or physical destruction.
Media Management Controls
- Data breaches: Interception of data during transmission or while stored on media.
- Unauthorized access and disclosure: Gaining access to media without proper authorization, or disclosing sensitive information to an unauthorized individual.
- Unauthorized/unintentional destruction: Media destroyed before its retention limit has been reached results in a loss of availability.
- Unnecessary retention: At the other end of the spectrum, media retained beyond its retention limit increases risk.
Media Protection Concerns
- Data encryption: Encrypt data at rest (on storage media) and in transit (during transmission) to render it unreadable without the decryption key.
- Access controls: Implement access controls to restrict access to media based on the principle of least privilege. A check-in/check-out process ensures access is appropriately tracked.
- Labeling and handling: If backup media is clearly and appropriately marked, and handling procedures are documented and known to staff, proper handling throughout the media/data lifecycle is more likely, avoiding a breach of confidentiality.
- Lifecycle management: Ensure the data stored on media is destroyed when it reaches the end of its retention period.
- Media sanitization: Use secure data destruction techniques, as described in "2.4.7 Data Destruction".
Media Protection Controls
Data stored on devices or storage systems that is not actively being used or transmitted.
Data at rest
- Physical theft: Stealing devices or storage media containing sensitive data.
- Malware: Malicious software designed to gain unauthorized access to stored data.
- Insider threats: Unauthorized access or misuse of data by individuals within the organization.
- Social engineering: Manipulating people into divulging confidential information or access credentials.
- Brute force attacks: Attempting to guess passwords or encryption keys through trial and error.
Common Data at rest attacks
- Encryption (e.g., AES, RSA): Converting data into a coded form that can only be read with a decryption key.
- Access controls: Mechanisms to restrict and manage who can access specific data or resources.
- Physical security measures: Safeguards like locked server rooms, security cameras, and restricted access areas.
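The brute-force attack on the previous card and the encryption control on this one meet at the key-derivation step: an attacker who steals an encrypted drive or backup can guess passphrases offline, and the only thing slowing each guess down is the cost of turning a passphrase into a key. The following is an added example, not code from the original flashcards; it uses PBKDF2-HMAC-SHA256 from the Python standard library with an assumed iteration count and a per-volume random salt (the header layout, the verifier construction and the wordlist are all constructed for illustration):

```python
# Added example (not from the original flashcards): deriving an at-rest
# encryption key from a passphrase with a salt and a high PBKDF2 iteration
# count, then simulating the offline dictionary attack an adversary can run
# against a stolen drive header. Parameters below are assumptions.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
KEY_LEN = 32           # 256-bit key, e.g. for AES-256


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a passphrase into a fixed-length key; the salt defeats precomputed tables."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=KEY_LEN)


def new_volume_header(passphrase: str, iterations: int = ITERATIONS) -> dict:
    """What a disk-encryption tool stores beside the ciphertext: the salt and the
    iteration count in the clear, plus a verifier derived from the key (never the key)."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt, iterations)
    verifier = hashlib.sha256(b"verifier" + key).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(header: dict, passphrase: str) -> Optional[bytes]:
    """Re-derive the key from the stored parameters; return it only if the verifier matches."""
    key = derive_key(passphrase, header["salt"], header["iterations"])
    candidate = hashlib.sha256(b"verifier" + key).digest()
    return key if hmac.compare_digest(candidate, header["verifier"]) else None


def dictionary_attack(header: dict, wordlist: list[str]) -> tuple[Optional[str], int]:
    """Offline guessing against a stolen header. Returns (recovered passphrase or None,
    number of derivations performed). Each guess costs `iterations` HMAC rounds,
    which is the only cost the defender controls once the media is gone."""
    for n, guess in enumerate(wordlist, start=1):
        if unlock(header, guess) is not None:
            return guess, n
    return None, len(wordlist)


if __name__ == "__main__":
    header = new_volume_header("correct horse battery staple", iterations=1000)
    print("unlock ok:", unlock(header, "correct horse battery staple") is not None)
    print("attack:", dictionary_attack(header, ["password", "letmein", "correct horse battery staple"]))
```

The attack still succeeds when the passphrase is in the wordlist; iteration count only multiplies the attacker's cost per guess, so it complements, rather than replaces, a strong passphrase and physical control of the media.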
Common Data at rest protections
Data moving between systems or networks; sometimes called "data in motion".
Data in transit
- Man-in-the-Middle (MitM) attacks: Intercepting and potentially altering communications between two parties.
- Packet sniffing: Capturing and analyzing data packets as they travel across a network.
- DNS hijacking: Redirecting traffic to malicious sites by manipulating Domain Name System queries.
- SSL stripping: Downgrading an HTTPS connection to HTTP, removing encryption protection.
Common Data in Transit Attacks
- Encryption protocols: TLS (the successor to SSL) and HTTPS are the standards for secure data transmission over networks. Enforcing a minimum TLS version (TLS 1.3 is current; TLS 1.0 and 1.1 are deprecated) prevents downgrade attacks that force a connection onto a weaker protocol.
- Virtual Private Networks (VPNs): Secure, encrypted connections over public networks.
- Secure File Transfer: Using protocols such as SFTP or FTPS for securely transferring files over a network.
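Enforcing the TLS version is a client-side setting as much as a server-side one, and the MitM and SSL-stripping attacks above both depend on a client that will accept a weaker connection than it should. The following is an added example, not code from the original flashcards: a deliberately weak Python `ssl` client configuration beside a hardened one, with a small audit function reporting the settings a reviewer would check. It runs offline and never opens a connection; the choice of TLS 1.3 as the floor is the page's recommendation, while treating 1.2 as the oldest acceptable version in the audit is an assumption.

```python
# Added example (not from the original flashcards): weak versus hardened TLS
# client settings, and an audit of the properties that block interception
# and downgrade. No network access is needed.
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Accepts any certificate and any protocol version the library still offers.
    An active attacker can present a forged certificate or force a downgrade."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE          # no certificate validation at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED   # legacy versions allowed
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verifies the server certificate against the trust store, checks the host
    name, and refuses anything below TLS 1.3 so a downgrade cannot be negotiated."""
    ctx = ssl.create_default_context()       # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings a reviewer checks in a TLS client configuration.
    'downgrade_safe' assumes TLS 1.2 is the oldest version still acceptable."""
    return {
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
        "downgrade_safe": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


if __name__ == "__main__":
    print("weak:    ", audit(weak_client_context()))
    print("hardened:", audit(hardened_client_context()))
```

A context like the hardened one is what you would pass to `ctx.wrap_socket(sock, server_hostname=host)`; the weak one is the shape that disabled-verification snippets found in many codebases take, and it is exactly what makes a forged certificate from a MitM position go unnoticed.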
Common Data in Transit Protections
Data actively being processed, accessed, or modified by applications or users.
Data in Use
- Buffer overflow: Exploiting programming errors to write data beyond the bounds of allocated memory, potentially executing malicious code.
- Code injection: Inserting and executing malicious code in a vulnerable application.
- Side-channel attacks: Exploiting unintended information leakage from a system's physical implementation or operation, such as power consumption, electromagnetic emissions, or processing time, to infer sensitive data or cryptographic keys being used.
Common Data in Use Attacks
- Memory encryption: Encrypting data while it is being processed in a computer's memory.
- Secure enclaves: Isolated execution environments for processing sensitive data.
- Runtime application self-protection (RASP): Security technology built into an application to intercept calls, validate data requests, and detect and prevent attacks in real time.
- Input validation and sanitization: Techniques to ensure that input data is safe and in the correct format before processing.
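The processing-time side channel listed under the data-in-use attacks is the one most often found in application code rather than hardware, and it is also the easiest to close. The following is an added example, not code from the original flashcards: an instrumented byte-by-byte token comparison that stops at the first mismatch, the attacker loop that recovers the token one byte at a time from that behaviour, and the constant-time comparison that removes the leak. The token value is constructed for the example, and the number of bytes examined stands in for measured elapsed time, which is the only assumption the attack needs.

```python
# Added example (not from the original flashcards): a timing side channel in
# data in use. naive_compare leaks how many bytes matched before the first
# mismatch (a proxy for elapsed time); recover_token_via_timing exploits it;
# safe_compare does the same job without the leak.
import hmac

SECRET_TOKEN = b"8f1a6c0d9b2e4a7c3d5f6e8a1b2c3d4e"   # constructed 32-byte API token


def naive_compare(expected: bytes, supplied: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes_examined). A guess with a
    longer correct prefix runs longer, which a remote attacker can measure."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def safe_compare(expected: bytes, supplied: bytes) -> bool:
    """Constant-time comparison: the work done does not depend on where the
    bytes differ, so timing reveals nothing about the secret."""
    return hmac.compare_digest(expected, supplied)


def recover_token_via_timing(oracle, length: int, alphabet: bytes) -> bytes:
    """Attacker model: `oracle(guess)` returns (accepted, time) as the vulnerable
    service would expose them. Extend the known prefix with whichever byte
    makes the comparison run longest; stop as soon as a guess is accepted."""
    known = b""
    for _ in range(length):
        best_byte, best_time = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + bytes(length - len(known) - 1)  # zero padding
            accepted, t = oracle(guess)
            if accepted:
                return guess
            if t > best_time:
                best_byte, best_time = c, t
        known += bytes([best_byte])
    return known


if __name__ == "__main__":
    leak = lambda g: naive_compare(SECRET_TOKEN, g)
    print("recovered:", recover_token_via_timing(leak, 32, b"0123456789abcdef"))
```

The attacker loop needs at most 16 guesses per byte (512 in total) instead of 16^32, which is why "compare with `==`" is a real finding in an authentication path. Against `safe_compare` the oracle only ever yields the accept/reject bit, and the search collapses back to plain brute force.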
Common Data in Use protections