We define confidentiality as the set of security controls necessary to protect data from unauthorized access during the data life cycle. Figure 2.1 provides a life-cycle framework consisting of data in transit, data in storage, or data in process. Transit occurs when data are transmitted between two points, such as entities A and B. Process occurs when data are resident in the memory of a device. Storage occurs when data are stored on stationary or removable media. The framework is a state-transition diagram that begins at Create and ends at Delete, but as the flow indicates, there really is no “end” to a data element.