15 Data Security
This chapter covers
- Encryption (symmetric/asymmetric) and hashing
- Public Key Infrastructure (PKI)
- Data states and lifecycle
- Data handling practices
- Logging and monitoring security events
Previous chapters emphasized protecting data assets through access control, by securing the network and the locations where the data is stored, and even by deploying backups that mitigate the risk of destruction. We will now study the concepts of data encryption that prevent unauthorized data access, modification, or disclosure.
Cryptographic techniques protect data during transmission, storage, or manipulation. Data may exist in distinct states (data at rest, data in transit, and data in use), each presenting unique challenges that require tailored security measures.
Any cybersecurity professional must understand the foundations of symmetric and asymmetric encryption methods, as well as the significance of hashing and digital signatures in ensuring data integrity and authenticity.
This chapter also explains how cryptographic mechanisms help guarantee desirable properties throughout the stages of the data lifecycle, which include creation, storage, sharing, and destruction. Finally, we address the critical role of logging and monitoring in identifying and mitigating potential security incidents.