To be used subsequent to collection, information must be stored in some information repository, often an electronic database. The storage mechanism must maintain the data quality, reliability, and accuracy while ensuring operational characteristics such as robustness to failure and scalability to accommodate both data and processing volumes. In addition, since information systems have vulnerabilities and are subject to threats, appropriate data stewardship must be enforced.
Whereas banks and telecommunications companies rate highest in information protection, many industries and the government in particular rate considerably lower. Increasingly, laws or regulations govern the storage and management of information both at rest (i.e., on a storage device) and in motion (i.e., as it traverses communications networks), thus mandating improvements in data stewardship. For example, regulations requiring the encryption of information on a detachable storage medium or transmitted through a communications channel can be used to protect information in transit and at rest.
The step of information analysis and use involves the use of the program during its operational lifetime to deliver the services defined in the purpose and the rational basis and tested in the experimental basis. As with information storage, information processing must meet operational requirements such as robustness and scalability. As stated in the committee’s proposed framework (see Chapter 2) and others, a program must be used solely as defined in the approved purpose and rational basis (i.e., requirements).
A major counterterrorism theme that has emerged since September 11 (9/11) is the notion of information sharing—that U.S. counterterrorist