Data Security Controls
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- The three data states, and the control that fits each
- Baselines, scoping and tailoring, and standards selection
- DRM, DLP, and CASB: the data-protection technology families
- Exam-pattern recognition
Data-protection technology families: what each one governs
| Technology | What it protects | Where it acts | Primary gap it closes | Key limitation |
|---|---|---|---|---|
| DRM (Digital Rights Management) | The data object, persistently | Bound to the file/document itself | Control survives after data leaves the perimeter (no-print, no-forward, expiry) | Requires a client/agent to enforce rights; can frustrate legitimate use |
| DLP (Data Loss Prevention) | Sensitive content trying to exit | Network egress, endpoint, and storage (data-in-motion / -at-rest / -in-use modes) | Stops exfiltration by inspecting content against policy | Content inspection is defeated by strong encryption and misses what it can't read |
| CASB (Cloud Access Security Broker) | How data is used in cloud services | Between users and cloud apps (inline proxy or API mode) | Visibility + policy enforcement over sanctioned and shadow cloud use | Inline mode adds a chokepoint; API mode acts after the fact, not in real time |
| Encryption (at rest / in transit) | Confidentiality of the data itself | Storage media/DB (at rest) and the network path (in transit) | Renders intercepted or stolen data unreadable without the key | Protects neither data in use nor against an authorized key holder misusing access |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- NIST Cryptographic Standards and Guidelines
- NIST SP 800-111: Guide to Storage Encryption Technologies for End User Devices Whitepaper
- NIST SP 800-53B: Control Baselines for Information Systems and Organizations Whitepaper
- FIPS 199: Standards for Security Categorization of Federal Information and Information Systems Whitepaper
- NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations Whitepaper