CHAPTER 9 : Confidentiality and Privacy Controls - Coggle Diagram
Preserving Confidentiality
IDENTIFY AND CLASSIFY INFORMATION TO BE PROTECTED
identify where such information resides and who has access to it
classify the information in terms of its value to the organization
PROTECTING CONFIDENTIALITY WITH ENCRYPTION
to protect information in transit over the Internet
a necessary part of defense-in-depth to protect information stored on websites or in a public cloud
CONTROLLING ACCESS TO SENSITIVE INFORMATION
Information rights management (IRM)
provides an additional layer of protection to sensitive information that is stored in digital form
offers the capability to limit access to specific files and to specify the actions (read, copy, print, download to a USB device, etc.) that individuals who are granted access to that resource can perform
data loss prevention (DLP)
embedding code called a digital watermark in documents
TRAINING
teach employees how to protect confidential data
Privacy
PRIVACY CONTROLS
identify
what information the organization possesses, where it is stored, and who has access to it
data masking - Protecting privacy by replacing sensitive personal information with fake data. Also called tokenization.
PRIVACY CONCERNS
spam
unsolicited e-mail that contains either advertising or offensive content
identity theft
the unauthorized use of someone's personal information for the perpetrator's benefit
PRIVACY REGULATIONS AND GENERALLY ACCEPTED PRIVACY PRINCIPLES
Management
Notice
Choice and consent
Collection
Use, retention, and disposal
Access
Disclosure to third parties
Security
Quality
Monitoring and enforcement
Encryption
the process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext
Decryption - reverses the process
FACTORS THAT INFLUENCE ENCRYPTION STRENGTH
key length
Longer keys provide stronger encryption by reducing the number of repeating blocks in the ciphertext.
encryption algorithm
policies for managing cryptographic keys
not storing cryptographic keys in a browser or any other file that other users of that system can readily access, and using a strong (and long) passphrase to protect the keys
TYPES OF ENCRYPTION SYSTEMS
Symmetric encryption
use the same key both to encrypt and to decrypt
Asymmetric encryption
use two keys
public key
private key