2.2 Data Security Lifecycle

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
data security life cycle. Again, the data is what we're protecting. That's our main focus. So when we look at the data security life cycle, we've got to think about the idea that data goes throughout stages as faras its life span, right? You know Dad is created,
and at that creation piece, you could call it, um,
update as well, because that that is alive there, right? It's being modified, any sort of change or creation, anything new. That's the create peace. And that almost immediately flows into storage, whether it's storing on
temporary storage like RAM or more permanent storage, like a drive or a share.
But we go immediately into storage as soon as it's created almost right, just instantaneously, at least storage and ram.
Then we move into using that course using data it isn't in RAM. There's some sort of processing going on where viewing, maybe transactions or being input and entered. But ultimately which, in data and use, then sharing,
put Dad across the network. We access data from databases. We send users. We may transfer files, upload files, whatever. That's the aspect. We think kind of the networking. Then we archive data
and you know when we talk about archive versus backup, our data backup this for data that we expect to use again somewhat frequently or there's a high probability. But once we moved toe archive, that's more long term storage and then last but not least destroy.
So the whole idea throughout this Data Security life cycle
is that we want to map out security functions to the life cycle.
So we're kind of doing some threat modeling there and once again for getting this next side, just one stress. Every single phase off the data security life cycle needs to be secured. So when we look at this next screen, I'm doing some threat modeling here.
Um, so what? We're looking at some of the main functions data being access battle being processed and stored.
Then we've got the actors and the various locations. So when we're looking at this from this particular element, when we're looking at the threats, first of all, the actors who
you know, internal users, malicious users or we could say malicious insiders, we could also say non malicious insiders because the majority of security breaches come from internal users that have no malicious intents we're gonna think about that. Malicious outsiders
Intruder, state sponsored, you know, attacks, whatever, Whatever those actors are,
because often the attacker or the actor is going to have a specific threat type that they implement. You know, a state sponsored attacks gonna be very different from, you know, an anomalous cious insider. Right? So
we start there, who were the possible actors.
And then we look at each of the function areas when Dad is being accessed, when it's being processed and when it's being stored and you'll notice what we're looking at is what's possible. And then what's allowed?
You know, we're almost gonna looking at use and misuse statements here. Here's how we expect to be used. You know, this is is what we expect. But then what could happen?
Yeah, you authenticate. But what could happen is of authentication is weak. Authentication could be broken, and unauthorized individual could access data. That's kind of how these work together. So ultimately, what we're looking to do is for each stage of the data security life cycle
that we have a mapping
off actors, functions, locations while we create.
Then, while we store how we or when we use and so on, and that's ultimately looking at data security throughout all the stages. We don't just focus on security up front. We certainly don't just focus on the end like maybe we've done traditionally.
But for each stage of the life cycle of data,
we want to make sure that security's integrated.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By