401d8 reda07 - carlosjorr/reading-notes GitHub Wiki

Protecting Data at Rest with Device Encryption

From your day-to-day computer use, provide examples of when data is at rest and when it is in transit.

Data at rest refers to data that is stored and not actively being transmitted or processed. Examples of data at rest include files saved on a hard drive, data stored in a database, or information stored on a USB drive.

Data in transit refers to data that is actively being transmitted or transferred over a network. Examples of data in transit include sending emails, uploading files to a cloud storage service, or making online transactions.

Explain the role of data encryption with regard to the CIA triad.

Confidentiality: Data encryption plays a crucial role in ensuring confidentiality. By encrypting data, sensitive information is transformed into an unreadable format, known as ciphertext, which can only be deciphered with the appropriate decryption key. This prevents unauthorized access to the data, even if it is intercepted or accessed by unauthorized individuals. Encryption helps protect confidential information at rest (stored data) and in transit (data being transmitted over a network) from being viewed or understood by unauthorized parties.

Integrity: Data encryption also helps maintain the integrity of the data, though encryption by itself only hides content and does not stop ciphertext from being altered. Integrity comes from the cryptographic mechanisms used alongside it: cryptographic hash functions and digital signatures allow the data to be verified after storage or transmission. If any modification or tampering occurs during transit or while the data is at rest, the integrity check fails, indicating that the data has been compromised.
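
The integrity check described above, as an added example that is not part of the original notes. It assumes HMAC-SHA256 (a keyed construction built on a hash function) as the check, and the record contents and function names are constructed for illustration. It also shows why an unkeyed hash stored next to the data is not enough: anyone who can rewrite the data can recompute that hash.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # SHA-256 output size in bytes


def seal(key: bytes, data: bytes) -> bytes:
    """Stored form: data followed by an HMAC-SHA256 tag over it."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, blob: bytes):
    """Return the data if the tag is valid, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # compare_digest avoids leaking the mismatch position through timing
    return data if hmac.compare_digest(tag, expected) else None


def bare_hash_verify(blob: bytes):
    """Unkeyed variant: data followed by SHA-256(data), no secret involved."""
    data, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    ok = hmac.compare_digest(hashlib.sha256(data).digest(), digest)
    return data if ok else None


def demo() -> dict:
    key = secrets.token_bytes(32)            # kept separate from the stored data
    record = b"account=1001;balance=250.00"  # constructed sample record
    stored = seal(key, record)

    flipped = bytearray(stored)
    flipped[0] ^= 0x01                       # one bit changed while at rest

    # Whole record replaced and an unkeyed digest recomputed over the new content
    altered = b"account=1001;balance=950.00"
    rewritten = altered + hashlib.sha256(altered).digest()

    return {
        "roundtrip_ok": verify(key, stored) == record,
        "bit_flip_detected": verify(key, bytes(flipped)) is None,
        "bare_hash_accepts_rewrite": bare_hash_verify(rewritten) == altered,
        "hmac_detects_rewrite": verify(key, rewritten) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
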

Availability: While encryption primarily focuses on confidentiality and integrity, it indirectly contributes to data availability. By protecting data from unauthorized access and ensuring data integrity, encryption helps maintain the availability of data by reducing the risk of data breaches or unauthorized modifications that could result in data unavailability or loss. However, it is essential to note that encryption itself does not directly guarantee data availability. Other measures such as robust backup systems and disaster recovery plans are necessary to ensure data availability in case of unforeseen events.