Chapter 9 Confidentiality and Privacy Controls - Coggle Diagram
Chapter 9
Confidentiality and Privacy Controls
Privacy
Privacy Controls
data masking
protecting privacy by replacing sensitive personal information with fake data. Also called tokenization
Privacy Concerns
spam
unsolicited e-mail that contains either advertising or offensive content
identity theft
assuming someone's identity, usually for economic gain
Privacy Regulations and Generally Accepted Privacy Principles
Practices to protect customers' personal info
management
notice
choice and consent
collection
use, retention and disposal
access
disclosure to third parties
security
quality
monitoring and enforcement
cookie
a text file created by a Web site and stored on a visitor's hard drive. Cookies store information about who the user is and what the user has done on the site
Preserving Confidentiality
Identify and Classify Information
Encryption
Training
Access Controls
Information rights management (IRM)
software that offers the capability not only to limit access to specific files or documents but also to specify the actions (read, copy, print, download, etc.) that individuals who are granted access to that resource can perform. Some IRM software even has the capability to limit access privileges to a specific period of time and to remotely erase protected files
Data loss prevention (DLP)
software that works like antivirus programs in reverse, blocking outgoing messages (email, instant messages, etc.) that contain key words or phrases associated with intellectual property or other sensitive data the organization wants to protect
digital watermark
code embedded in documents that enables an organization to identify confidential information that has been disclosed
Encryption
encryption
the process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext
plaintext
normal text that has not been encrypted
ciphertext
plaintext that was transformed into unreadable gibberish using encryption
decryption
transforming ciphertext back into plaintext
Factors that influence encryption strength
Key length
encryption algorithm
policies for managing cryptographic keys
Types of Encryption Systems
symmetric encryption systems
encryption systems that use the same key both to encrypt and to decrypt
asymmetric encryption systems
encryption systems that use two keys (one public, the other private); either key can encrypt, but only the other matching key can decrypt
public key
one of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone
private key
one of the keys used in asymmetric encryption systems. It is kept secret and known only to the owner of that pair of public and private keys
key escrow
the process of storing a copy of an encryption key in a secure location
Hashing
transforming plaintext of any length into a short code called a hash
hash
plaintext that has been transformed into a short code
Digital Signature
nonrepudiation
creating legally binding agreements that cannot be unilaterally repudiated by either party
digital signature
a hash encrypted with the hash creator's private key
Digital Certificates and Public Key Infrastructure
digital certificate
an electronic document that certifies the identity of the owner of a particular public key and contains that party's public key
certificate authority
an organization that issues public and private keys and records the public key in a digital certificate
public key infrastructure (PKI)
the system for issuing pairs of public and private keys and corresponding digital certificates
Virtual Private Networks (VPNs)
virtual private network (VPN)
using encryption and authentication to securely transfer information over the Internet thereby creating a "virtual" private network