CHAPTER 9- Confidentiality and Privacy Controls - Coggle Diagram
Preserving Confidentiality
IDENTIFY AND CLASSIFY INFORMATION TO BE PROTECTED
Identify where such information resides and who has access to it.
Undertaking a thorough inventory of every digital and paper store of information is both time-consuming and costly because it involves examining more than just the contents of the organization’s financial systems.
After the information that needs to be protected has been identified, the next step is to classify the information in terms of its value to the organization.
Once the information has been classified, the appropriate set of controls can be deployed to protect it.
PROTECTING CONFIDENTIALITY WITH ENCRYPTION
It is the only way to protect information in transit over the Internet.
Encryption only protects information while it is stored or being transmitted, not during processing, because information must be decrypted in order to be processed.
Encryption also does not protect information when it is displayed on a monitor or printed in a report.
CONTROLLING ACCESS TO SENSITIVE INFORMATION
information rights management (IRM)
- Software that offers the capability not only to limit access to specific files or documents but also to specify the actions (read, copy, print, download, etc.) that individuals who are granted access to that resource can perform. Some IRM software even has the capability to limit access privileges to a specific period of time and to remotely erase protected files.
data loss prevention (DLP)
- Software which works like antivirus programs in reverse, blocking outgoing messages (e-mail, instant messages, etc.) that contain key words or phrases associated with intellectual property or other sensitive data the organization wants to protect.
digital watermark
- Code embedded in documents that enables an organization to identify confidential information that has been disclosed.
TRAINING
Employees need to know what information they can share with outsiders and what information needs to be protected.
Employees also need to be taught:
● how to use encryption software
● how to protect confidential data
● the importance of always logging out of applications and using a password-protected screen saver before leaving their laptop or workstation unattended, to prevent other employees from obtaining unauthorized access to that information
● how to code reports they create to reflect the importance of the information contained therein, so that other employees will know how to handle those reports
● not to leave reports containing sensitive information in plain view on their desks
With proper training, employees can play an important role in protecting the confidentiality of an organization’s information and enhance the effectiveness of related controls.
Privacy
PRIVACY CONCERNS
SPAM
Unsolicited e-mail that contains either advertising or offensive content.
Organizations need to be sure to follow CAN-SPAM’s guidelines or risk sanctions. Key provisions include the following:
● The sender’s identity must be clearly displayed in the header of the message.
● The subject field in the header must clearly identify the message as an advertisement or solicitation.
● The body of the message must provide recipients with a working link that can be used to opt out of future e-mail.
● The body of the message must include the sender’s valid postal address.
● Organizations should not send commercial e-mail to randomly generated addresses, nor should they set up websites designed to “harvest” e-mail addresses of potential customers.
IDENTITY THEFT
Assuming someone’s identity, usually for economic gain.
Protecting Yourself from Identity Theft
• Shred all documents that contain personal information, especially unsolicited credit card offers, before discarding them.
• Securely store documents that contain sensitive personal and financial information (e.g., tax returns and financial statements).
• Never send personal information (social security number, passport number, etc.) in unencrypted e-mail.
• Beware of e-mail, telephone, and print requests to “verify” personal information that the requesting party should already possess.
• Do not carry your social security card with you.
• Resist requests to provide your social security number to businesses that ask for it, as it is seldom needed for most transactions.
• Print only your initials and last name, rather than your full name, on checks.
• Immediately cancel any stolen or lost credit cards.
PRIVACY REGULATIONS AND GENERALLY ACCEPTED PRIVACY PRINCIPLES
GAPP identifies and defines the following 10 internationally recognized best practices for protecting the privacy of customers’ personal information:
Management.
Organizations need to establish a set of procedures and policies for protecting the privacy of personal information they collect from customers, as well as information about their customers obtained from third parties such as credit bureaus.
Notice.
An organization should provide notice about its privacy policies and practices at or before the time it collects personal information from customers, or as soon as practicable thereafter.
Choice and consent.
Organizations should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information.
Collection.
An organization should collect only the information needed to fulfill the purposes stated in its privacy policies.
Use, retention, and disposal.
Organizations should use customers’ personal information only in the manner described in their stated privacy policies and retain that information only as long as it is needed to fulfill a legitimate business purpose.
Access.
An organization should provide individuals with the ability to access, review, correct, and delete the personal information stored about them.
Disclosure to third parties.
Organizations should disclose their customers’ personal information to third parties only in the situations and manners described in the organization’s privacy policies and only to third parties who provide the same level of privacy protection as does the organization that initially collected the information.
Security.
An organization must take reasonable steps to protect its customers’ personal information from loss or unauthorized disclosure.
Quality.
Organizations should maintain the integrity of their customers’ personal information and employ procedures to ensure that it is reasonably accurate.
Monitoring and enforcement.
An organization should assign one or more employees to be responsible for ensuring compliance with its stated privacy policies.
PRIVACY CONTROLS
The first step to protect the privacy of personal information collected from customers, employees, suppliers, and business partners is to identify what information the organization possesses, where it is stored, and who has access to it.
To protect privacy, organizations should use:
data masking
- Protecting privacy by replacing sensitive personal information with fake data. Also called tokenization.
Encryption
The process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext.
The Encryption and Decryption Process
Plaintext
- Normal text that has not been encrypted.
Ciphertext
- Plaintext that was transformed into unreadable gibberish using encryption.
Decryption
- Transforming ciphertext back into plaintext.
FACTORS THAT INFLUENCE ENCRYPTION STRENGTH
KEY LENGTH
Longer keys provide stronger encryption by reducing the number of repeating blocks in the ciphertext.
This makes it harder to spot patterns in the ciphertext that reflect patterns in the original plaintext.
ENCRYPTION ALGORITHM
Organizations should not attempt to create their own “secret” encryption algorithm but instead should purchase products that use widely accepted standard algorithms whose strength has been proven.
A strong algorithm is difficult, if not impossible, to break by using brute-force guessing techniques.
POLICIES FOR MANAGING CRYPTOGRAPHIC KEYS
No matter how long the keys are, or how strong an encryption algorithm is, if the keys have been stolen, the encryption can be easily broken.
Cryptographic keys must be stored securely and protected with strong access controls.
Best practices include:
(1) not storing cryptographic keys in a browser or any other file that other users of that system can readily access
(2) using a strong (and long) passphrase to protect the keys.
Keys should be issued only to employees who handle sensitive data and need the ability to encrypt it.
● Promptly revoke (cancel) keys when an employee leaves or when there is reason to believe the key has been compromised.
● Notify everyone who has relied upon those keys that they are no longer valid.
TYPES OF ENCRYPTION SYSTEMS
symmetric encryption systems
- Encryption systems that use the same key both to encrypt and to decrypt.
asymmetric encryption systems
- Encryption systems that use two keys (one public, the other private); either key can encrypt, but only the other matching key can decrypt.
Public key
- One of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone.
Private key
- One of the keys used in asymmetric encryption systems. It is kept secret and known only to the owner of that pair of public and private keys.
Comparison of Symmetric and Asymmetric Encryption Systems
Number of keys
● Symmetric encryption: One key. Same secret key used both to encrypt and decrypt.
● Asymmetric encryption: Two keys. One key is made public, the other kept private. Either key can encrypt, but only the other matching key can decrypt.
Advantages
● Symmetric encryption: Speed—much faster.
● Asymmetric encryption: Everyone can use your public key to communicate with you. No need to store keys for each party with whom you wish to communicate. Can be used to create legally binding digital signatures.
Disadvantages
● Symmetric encryption: Requires separate key for everyone who wishes to communicate. Must find secure way to share the secret key with other party.
● Asymmetric encryption: Speed—much slower. Requires PKI to validate ownership of public keys.
Risk issues
● Symmetric encryption: Protecting shared secret key from loss or theft.
● Asymmetric encryption: Protecting private key from loss or theft.
Primary use
● Symmetric encryption: Encryption of large amounts of information.
● Asymmetric encryption: Creation of digital signatures. Secure exchange of symmetric keys via e-mail.
key escrow
- The process of storing a copy of an encryption key in a secure location.
HASHING
Transforming plaintext of any length into a short code called a hash.
An important property of hashing algorithms is that they use every bit in the original plaintext to calculate the hash value, so any change to the document produces a different hash. This is what makes it useful to send a hash of a document to another party along with the original document: the recipient can recompute the hash and detect whether the document was altered.
DIGITAL SIGNATURES
Nonrepudiation
- Creating legally binding agreements that cannot be unilaterally repudiated by either party.
digital signature
- A hash encrypted with the hash creator’s private key.
Creating a Digital Signature
Step 1: The document creator uses a hashing algorithm to generate a hash of the original document.
Step 2: The document creator uses his/her private key to encrypt the hash created in step 1.
Result: The encrypted hash is a legally binding digital signature.
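The HASHING node and the two signature steps above, carried through in working code: this Go program is an added example, not from the textbook or this Coggle page. It hashes a document with SHA-256 (Step 1), signs the hash with the creator's RSA private key (Step 2), and shows the recipient's check, which fails for an altered document or a different signer's key; the function names and the sample contract text are the author's own, and the signing scheme used is RSA PKCS#1 v1.5 from Go's standard library.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates the signer's 2048-bit RSA key pair (hypothetical helper name).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// HashDocument is Step 1: reduce a document of any length to a fixed 32-byte
// SHA-256 hash. Every bit of the input influences the result, so changing even
// one character of the document yields a different hash.
func HashDocument(doc []byte) []byte {
	sum := sha256.Sum256(doc)
	return sum[:]
}

// Sign is Step 2: the creator signs the hash with their private key. The text
// describes this as "encrypting the hash"; concretely it is an RSA PKCS#1 v1.5
// signature over the SHA-256 digest.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, HashDocument(doc))
}

// Verify is the recipient's side: rehash the document as received and check the
// signature against the signer's public key. A document altered after signing,
// or a signature made with some other private key, fails here.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, HashDocument(doc), sig) == nil
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	contract := []byte("constructed sample: pay $1,000 on 2025-01-31") // constructed input
	sig, _ := Sign(priv, contract)
	altered := []byte("constructed sample: pay $9,000 on 2025-01-31")
	fmt.Println(Verify(&priv.PublicKey, contract, sig)) // true
	fmt.Println(Verify(&priv.PublicKey, altered, sig))  // false
}
```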
DIGITAL CERTIFICATES AND PUBLIC KEY INFRASTRUCTURE
digital certificate
- An electronic document that certifies the identity of the owner of a particular public key and contains that party’s public key.
certificate authority
- An organization that issues public and private keys and records the public key in a digital certificate.
public key infrastructure (PKI)
- The system for issuing pairs of public and private keys and corresponding digital certificates.
VIRTUAL PRIVATE NETWORKS (VPNS)
Using encryption and authentication to securely transfer information over the Internet, thereby creating a “virtual” private network.
There are two basic types of VPNs:
● One type uses a browser, encrypting the traffic with SSL (the same protocol that produces the familiar “lock” symbol whenever you engage in online shopping or banking).
● The other type uses IPSec, a version of the IP protocol that incorporates encryption as part of the process of creating IP packets.