
Data Security

Chapter in: Modern Data Strategy

Abstract

Data security is critical and evolving in both the private and public sectors. Although the perspectives, mandates, and drivers differ somewhat between these sectors, there are also commonalities in the areas addressed. This chapter focuses primarily on the public sector. This contrasts with other areas of data management, which are addressed in similar ways in both the public and private sectors. This chapter offers the lay-reader an overview of data security. For the purposes of this book, the term “data security” is used throughout to reference what is known in other communities as “information security” or “cybersecurity.”


Notes

  1. This definition is provided at 44 U.S.C. Sec 3552. The definition used prior to that was found at 44 U.S.C. 3542. The more recent definition includes the original definition and adds definitions for integrity, confidentiality, and availability.

  2. The term “cybersecurity” is used synonymously with “information security” within the government and “data security” in this chapter. National Security Directive (NSPD) 54/Homeland Security Directive (HSPD) 23, Cybersecurity Policy, defines cybersecurity as: “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.” Networked technology is ubiquitous today, making the need for distinguishing among data security, information security, and cybersecurity largely irrelevant.

  3. FISMA was previously known as the Federal Information Security Management Act of 2002 until it was updated and retitled in 2014.

  4. NIST SP 800-39, March 2011, Footnote 1, pg. IV.

  5. https://www.nist.gov/cyberframework.

  6. NIST SP 800-37, Rev 1, Section 1.1, page 1.

  7. For additional detail on these frameworks, see the Data Security References section in Appendix B.

  8. Cybersecurity Framework, v1.0, p. 7.

  9. Cybersecurity Framework, v1.0, Section 2.1.

  10. Cybersecurity Framework, v1.0, Section 2.2.

  11. NIST SP 800-39, Managing Information Security Risk, Section 3.1.

  12. FIPS 199 provides security categorization guidance for non-national security systems. CNSS Instruction 1253 provides similar guidance for national security systems.

  13. NIST Special Publication 800-53 provides security control selection guidance for non-national security systems. CNSS Instruction 1253 provides similar guidance for national security systems.

  14. Note that authorization does not focus exclusively on security or privacy risks. Authorizing Officials are expected to evaluate all types of risks raised for an information system.

  15. See examples of overlays on the CNSS website http://www.cnss.gov. Through the site menus, navigate to Library → Instructions. Scroll down to CNSSI NO. 1253. Under that, you will see links to multiple overlays listed as “CNSSI 1253F Attachment X,” where X is a numbered attachment to Appendix F of 1253, with each overlay named underneath the attachment number.

  16. NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.

  17. “Information system components include, for example, mainframes, workstations, servers (e.g., database, electronic mail, authentication, web, proxy, file, domain name), input/output devices (e.g., scanners, copiers, printers), network components (e.g., firewalls, routers, gateways, voice and data switches, process controllers, wireless access points, network appliances, sensors), operating systems, virtual machines, middleware, and applications.” NIST SP 800-53, Rev. 4, Section 1.1.

  18. NIST SP 800-53, Rev. 4, Section 1.1.

  19. NIST maintains its publications at: http://csrc.nist.gov/publications/PubsSPs.html.

  20. OMB Circular A-130, 10.a.


Copyright information

© 2018 Springer International Publishing AG


Cite this chapter

Fleckenstein, M., Fellows, L. (2018). Data Security. In: Modern Data Strategy. Springer, Cham. https://doi.org/10.1007/978-3-319-68993-7_15


  • DOI: https://doi.org/10.1007/978-3-319-68993-7_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68992-0

  • Online ISBN: 978-3-319-68993-7

  • eBook Packages: Computer Science (R0)
