Phase 4

Secure Storage

An important aspect of protecting your information and information systems is the secure storage of your valuable information assets. To complement physical security controls, such as a locked server room, sensitive information should have tight permissions and be encrypted while in storage (on the hard drive). That way, encryption protects the confidentiality of your information assets. Further, because unauthorized users cannot access the encrypted information, they cannot make unauthorized changes to the information, thus protecting the integrity of the information.

Many encryption utilities and even devices are available that can help you secure your critical and sensitive information assets. Some encryption technologies are even built into operating systems, such as the Encrypting File System (EFS) and the newer disk-encryption technology from Microsoft, BitLocker. Symanetc Endpoint Encryption (www.symantec.com/business/endpoint-encryption) and PGP Corporation (www.pgp.com/) provide third-party encryption tools.

Another aspect of protecting your information assets has to do with ensuring the availability of the information assets. You should be knowledgeable about fault-tolerant disk arrays, such as RAID systems, and know how to perform routing backups and data recovery from backups to increase the availability of these assets.

The tasks in this phase map to Domains 3, 4, 5, and 6 objectives in the CompTIA Security+ exam (http://certification.comptia.org/security/).