Ensuring that former employees no longer have access to corporate materials is one way to maintain confidentiality. Access control ensures that the correct people will have access to confidential materials, while authentication validates a user to confirm that they should have access to such confidential materials.

Data in transit is data that is moving between devices; therefore, data transmitted through a cellular network are considered data in transit.

The goal of an information technology disaster recovery plan (IT DRP) is to resume technological functions, not just general business functions, as soon as possible after an issue occurs. Outlining expected recovery times for IT to resume is one item that should be part of all IT DRPs.

The first step in a risk analysis is identification and valuation of an organization’s information assets. The second step is to estimate potential costs and losses per security incident, which include costs of malware attacks, fees and penalties associated with data breaches, and lost revenue. It is important to understand the probability of each type of security threat.

The identify (ID) function aims to create an organizational awareness of associated risks in the context of their business and resources.

In a DoS attack, a system is flooded with incoming messages. This creates a bandwidth problem for the system, forcing it to shut down, making the data inaccessible to those who legitimately have access to it.

The ID function, the first of five in the framework, helps organizations better understand efforts needed to manage risks specific to their IT infrastructures.