Develop a data protection plan for a company. The plan will cover the data at different stages within the company and as the data is transferred and stored in the cloud. You will be focusing on the cryptography technology used and the different policies in place.
The company in this project is XYZ, and you were hired as a Computer Security consultant to develop their data protection plan.
XYZ is a multi-national company that has 6 locations in different states within the USA, and 4 locations (1 office in Europe, 1 in South America, 1 in Asia, and 1 in Africa). The company specializes in data analysis solutions in which they use cutting-edge technologies to provide thorough insights into data gathered by clients. Hence, the confidentiality of the data, the insights, and the storage are crucial for XYZ's business model and reputation.
XYZ currently has 250 employees, with their biggest branches being in Cincinnati, OH, and Sao Paulo, Brazil. The data operation of XYZ includes: data being stored on site for offline data analysis and backup, data being transferred from clients to XYZ servers and vice versa, data being stored on the cloud, and some data analysis solutions that are cloud-based.
Your plan needs to be composed of four different sections/phases:
Phase 1: Unit 2: Data at Rest:
In this phase, you will focus on devising and discussing a plan for data protection while at rest.
Define what Data at Rest is.
Provide examples of data at rest (at least 5 examples within XYZ company).
What are the different vulnerabilities and threats that data at rest is affected by? Discuss at least three.
What are some of the encryption solutions that can be used for data at rest protection?
What are the different access control mechanisms (key-based, access-based, role-based) that can be used for data at rest? Explain each briefly.