401 Reading 7 - marsecguy/reading-notes-cyberops GitHub Wiki

Data Encryption

1. From your day to day computer use, provide examples of when data is at rest and when it is in transit.

   • Data is at rest when it is not being used in any manner. I have spreadsheets for financial data on a couple of rental properties I own. As I type this, those sheets are saved and closed; they are at rest. When I open them and start adding new data each month, it becomes data in use. When I send those sheets to my CPA for tax season, it becomes data in transit until they receive it. At that time it becomes data at rest again until they are ready to use it.

2. Explain the role data encryption with regards to the CIA triad.

   • Confidentiality - encryption protects confidentiality by making sure only authorized users can see the plain text data. Unauthorized users will only see encrypted gibberish.
   • Integrity - encryption protects integrity of data by making it difficult to manipulate the data. It is hard to meaningfully alter data that is gibberish.
   • Availability - encryption makes data easily available to those who are properly authenticated while denying it to those who are not.

Source: Fortra