Data Layer
Data and metadata of a business is the heart and aim of any security breach. This layer requires the most attention. Payments, customer information, Social Security numbers, and intellectual property (IP) are the high-value and high-risk data and are the most regulated. They are highly vulnerable to penalties and could be reason for eroding the reputation and wealth of an organization.
Extending the example, once hackers/thieves get hold of an account, a.k.a. deposit box, they find a treasure map in this box. However, they are not able to read or make sense out of it. In another example, if a laptop gets stolen and hackers get hold of the hard drive, if this hard drive is encrypted it cannot be opened. It is useless. Even in situations where hackers got hold of email but email is encrypted, they cannot open the email, hard drive, dataset, or column within dataset. In the absence of a decryption algorithm, even if someone is able to have data open, it is of no use. When data is in motion or in procession it still needs to be protected.
Governance and implementation of data management policies along with security features like encryption, authentication, regular data backups, are some of the ways to secure data layer.
Mission-Critical Assets
Mission-critical assets are those assets of organization that are critical for the survival of the organization. It could be software, hardware, electronic systems, patents, financial records/data, and much more. Analysis is done to identify which assets are considered core and necessary for business and mission critical for the implementation and working of six layers of security. These assets are mandatory to follow industry, state, country, and international laws.