Abstract
Data security is critical and evolving in both the private and public sectors. Although the perspectives, mandates, and drivers differ somewhat between these sectors, there are also commonalities in the areas addressed. This chapter focuses primarily on the public sector. This contrasts with other areas of data management, which are addressed in similar ways in both the public and private sectors. This chapter offers the lay-reader an overview of data security. For the purposes of this book, the term “data security” is used throughout to reference what is known in other communities as “information security” or “cybersecurity.”
Notes
- 1. This definition is provided at 44 U.S.C. Sec 3552. The definition used prior to that was found at 44 U.S.C. 3542. The more recent definition includes the original definition and adds definitions for integrity, confidentiality, and availability.
- 2. The term “cybersecurity” is used synonymously with “information security” within the government and “data security” in this chapter. National Security Directive (NSPD) 54/Homeland Security Directive (HSPD) 23, Cybersecurity Policy, defines cybersecurity as: “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.” Networked technology is ubiquitous today, making the need for distinguishing among data security, information security, and cybersecurity largely irrelevant.
- 3. FISMA was previously known as the Federal Information Security Management Act of 2002 until it was updated and retitled in 2014.
- 4. NIST SP 800-39, March 2011, Footnote 1, pg. IV.
- 5.
- 6. NIST SP 800-37, Rev 1, Section 1.1, page 1.
- 7. For additional detail on these frameworks, see the Data Security References section in Appendix B.
- 8. Cybersecurity Framework, v1.0, p. 7.
- 9. Cybersecurity Framework, v1.0, Section 2.1.
- 10. Cybersecurity Framework, v1.0, Section 2.2.
- 11. NIST SP 800-39, Managing Information Security Risk, Section 3.1.
- 12. FIPS 199 provides security categorization guidance for non-national security systems. CNSS Instruction 1253 provides similar guidance for national security systems.
- 13. NIST Special Publication 800-53 provides security control selection guidance for non-national security systems. CNSS Instruction 1253 provides similar guidance for national security systems.
- 14. Note that authorization does not focus exclusively on security or privacy risks. Authorizing Officials are expected to evaluate all types of risks raised for an information system.
- 15. See examples of overlays on the CNSS website http://www.cnss.gov. Through the site menus, navigate to Library → Instructions. Scroll down to CNSSI NO. 1253. Under that, you will see links to multiple overlays listed as “CNSSI 1253F Attachment X,” where X is a numbered attachment to Appendix F of 1253 with each overlay named underneath the attachment number.
- 16. NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.
- 17. “Information system components include, for example, mainframes, workstations, servers (e.g., database, electronic mail, authentication, web, proxy, file, domain name), input/output devices (e.g., scanners, copiers, printers), network components (e.g., firewalls, routers, gateways, voice and data switches, process controllers, wireless access points, network appliances, sensors), operating systems, virtual machines, middleware, and applications.” NIST SP 800-53, Rev. 4, Section 1.1.
- 18. NIST SP 800-53, Rev. 4, Section 1.1.
- 19. NIST maintains its publications at: http://csrc.nist.gov/publications/PubsSPs.html.
- 20. OMB Circular A-130, 10.a.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Fleckenstein, M., Fellows, L. (2018). Data Security. In: Modern Data Strategy. Springer, Cham. https://doi.org/10.1007/978-3-319-68993-7_15
DOI: https://doi.org/10.1007/978-3-319-68993-7_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68992-0
Online ISBN: 978-3-319-68993-7
eBook Packages: Computer Science (R0)