Protection process includes the processes associated with deterrence, prevention, detection, reaction, and adaption as well as the protection based on data state (at rest, in motion, and in use). and encompasses protective mechanisms which it controls. Process involves some sort of workflow whether formally defined or not, and this work flow determines approval processes, controls separation mechanisms, and induces time delays. Process interacts with some sort of inventory whether formally defined or not, and this inventory affects the granularity and completeness of the processes.
It operates in light of external forces like life cycles and context to implement the process elements of the technical security architecture.
Deter: Deterrence is undertaken by top management and involves a variety of efforts ranging from public relations campaigns to selection of building appearances and locations. This is predominantly a perception management effort aimed at attackers mental processes.
Prevent: Prevention methods are typified by the classic separations mechanisms associated with computer security. It tends to use high surety mechanisms and is highly effective at reducing vulnerabilities if properly applied. Prevention is entirely proactive which is to say its failures tend to be brittle.
All protection is formed from combinations of these process elements and the selection of how to mix them is critical to the effectiveness and costliness of protection.
In addition, protection process involves the different states of data - at rest, in motion, and in use.
Data at rest: Data at rest is in storage somewhere, in paper, on fiche, on tapes, on disks, and so forth. At rest, data must be properly protected to retain its value and protect it from theft, destruction, corruption,and so forth.
Data in use: Data in use is typically being read by people or systems, analyzed for a particular purpose, perhaps controlling the execution of physical functions such as temperature control, and so forth. Even in use, data must be protected against misuse, alteration, destruction, or the consequences associated with its use or misuse.
Data in motion: Whenever data travels, weather over a local area network, in a mobile computing device, or over the Internet, it must be protected by suitable means to the risk while still meeting the business requirement of transport.