let's talk a little bit about the data security life cycle. So you'll you'll see throughout the course reference C s a. The cloud security alliance. And essentially, what they've done is they've incorporated the data security life cycle.
Ah, and ultimately, what we're looking to do here is to make sure that data throughout its life cycle
provides security and certainly the controls that irrelevant to each face of the life cycle. So the first thing we have to do is map the different phases of the life cycle. Then we're going to figure out where the data is located and how it's access. And then ultimately, what C. S A has us do or helps us do is to map
and take a look at functions,
actors and controls. All right, so if we start looking at mapping the lifecycle faces, create store use, share, archive, destroy. All right, so information security, life cycle. So once we begin, we begin with the creation of the information, certainly.
And at this point in time, we need to figure out how that information is gonna be classified, because how it's gonna be classified is going to drive the security mechanisms we put in place
will also figure out what rights and permissions other users should have to the information that should be done by the data owner.
Now from the next step or to the next step where we store the data. That's where we look to the classifications within the previous step and figure out what the necessary controls are to protect the data. So we classify information based on the data is value. But the purpose of classifications to determine
the controls we put in place,
Ah, things like rights management, you know, with rights management in configuring writes that follow the data around, no matter what access in which they're open. We'll talk about rights management just a little bit. Then the data becomes is where we're using the data. So create store use.
Ah, here we have to look at monitoring
enforcement of policy, any sort of technical controls that need to be in place whether,
you know, we're we're using firewalls to access and monitoring and auditing those sorts of elements, also making sure that our applications or passionate applications or secure as well then we share the information well when we talk about sharing the information. We need to be sure that it shared appropriately.
So things like data loss prevention systems making sure that
data isn't being leaked or eyes it being improperly accessed here. We make sure that while the data is in transit, we encrypted appropriately other technical or logical controls and again applications security
once the data becomes archive, making sure that it's stored in an encrypted format and that those assets of the storage disks or the medium is protected
and then ultimately, once we're done making sure that the information is cleanse in a manner that is appropriate with our needs. So whether it's physical destruction of a disc and like we said with cloud computing, that's rarely possible but crypto shredding, essentially encrypting it.
Ah, in, uh, in such a manner that it can't be decrypted with one way encryption.
Ah, secure deletion, overriding whatever those means are. So ultimately we have the phases of the information security life cycle. Now what we want to do, then you sort of take that information and map out two functions. Actors and controls functions, actors and controls.
So when we talk about the functions, okay, well, what do we do with data. We access it, we process it, restore it.
And so what are those possible functions? And one of the ones that we would allow right And you can see on this chart were divided into
all the people that could possibly, you know, for actors who are the individuals or the subjects that could access this, who are the ones that we would allow
and then the controls we would put in place. So same thing with lotion locations. Where could this be access? Where should it be? Access. So ultimately, you know, if you're familiar with use and misuse, uh,
sort of researcher documentation. That's what we're getting into a little bit here, because this is gonna help us look, att,
All the situations that they're a potential are all the potential situations as well as all the allowed situations.