Data is often said to exist in one of three states:
1. In motion – being transmitted over a network or connection
2. At rest – persisted in a queue, disk, file, and so on
3. In memory – loaded into computer memory
The third state, in memory, is seldom mentioned in security standards, texts and requirements.
Why?
A.
Computer memory has built-in parity checking which protects against malicious alteration
B.
No one has direct access to a computer’s memory, therefore it is the safest place to be.
C.
All modern computers (developed since the mid-90s) automatically store data in memory in
encrypted from to help ensure confidentiality and integrity, because of this, more emphasis has
been placed on raising the level of protection in the other two states.
D.
This state is often overlooked. Data in memory can easily be viewed by anyone with system
administrator.
Explanation:
In Memory – a term used here to describe data that is currently being processed
and therefore exposed to any program, diagnostic tool, operating system
command, virus, etc. that is able to access memory.
Reference: Oracle Reference Architecture,Security, Release 3.1