You are currently viewing CISSP certification: The 3 states of data.

CISSP certification: The 3 states of data.

We need to protect our data as well as we can regardless where it is and if it is in use or not. 

  • Data has 3 States: We want to protect it as well as we can in each state.
    • Data at Rest (Stored Data):
      • This is data on Disks, Tapes, CDs/DVDs, USB Sticks
      • We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs).
      • Encryption can be Hardware or Software Encryption.
    • Data in Motion (Data being transferred on a Network).
      • We encrypt our network traffic, end to end encryption, this is both on internal and external networks.
    • Data in Use: (We are actively using the files/data, it can’t be encrypted).
      • Use good practices: Clean Desk policy, Print Policy, Allow no ‘Shoulder Surfing’, maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation.

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.