Confidentiality and Privacy Controls
Protecting Confidentiality and Privacy of Sensitive Information
Identify and classify information to protect
• Where is it located and who has access?
• Classify value of information to organization
Encryption
• Protect information in transit and in storage
Access controls
• Controlling outgoing information (confidentiality)
• Digital watermarks (confidentiality)
• Data masking (privacy)
Training
Generally Accepted Privacy Principles
Management
• Procedures and policies with assigned responsibility and accountability
Notice
• Provide notice of privacy policies and practices prior to collecting data
Choice and consent
• Opt-in versus opt-out approaches
Access
• Customer should be able to review, correct, or delete information collected on them
Collection
• Only collect needed information
Use and retention
• Use information only for stated business purpose
Disclosure to third parties
Security
• Protect from loss or unauthorized access
Quality
Monitoring and enforcement
• Procedures in responding to complaints
• Compliance
Encryption
Preventative control
Factors that influence encryption strength
• Key length (longer = stronger)
• Algorithm
• Key management policies
-Keys stored securely
Encryption Steps
Sender of message: takes plaintext and, using an encryption key and an algorithm, converts it into unreadable ciphertext
Receiver of message: to read the ciphertext, applies the key to reverse the process and make the information readable again
Types of Encryption
Symmetric
Uses one key to encrypt and decrypt
Both parties need to know the key
• Need to securely communicate the shared key
• A key cannot be shared among multiple parties; each party gets its own (different) key from the organization
Asymmetric
Uses two keys
• Public key: everyone has access
• Private key: used to decrypt (known only to you)
• Public key can be used by all your trading partners
Can create digital signatures
Virtual Private Network
Securely transmits encrypted data between sender and receiver
Sender and receiver have the appropriate encryption and decryption keys.