Chapter 9 (Confidentiality and Privacy Controls)
Preserving Confidentiality
Components of Protecting Confidentiality and Privacy
Encryption
The only way to protect data in transit within the internet
Protects information stored in websites or in a public cloud
Training
Employees are trained on which information they can share with outsiders and which information needs to be protected
Identify and Classify Information
These may contain cost advantages and protect quality of information over other companies
Access Controls
Privacy
PRIVACY CONTROLS
data masking programs
Protecting privacy by replacing sensitive personal information with fake data. Also called tokenization.
PRIVACY CONCERNS
Spam
Unsolicited e-mail that contains either advertising or offensive content.
Identity theft
The unauthorized use of someone’s personal information for the perpetrator’s benefit
PRIVACY REGULATIONS AND GENERALLY ACCEPTED PRIVACY PRINCIPLES
Best practices for protecting the privacy of customers’ personal information
Use, retention, and disposal
Access
Collection
Disclosure to third parties
Choice and consent
Security
Notice
Quality
Management
Monitoring and enforcement
Encryption
The process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext.
Factors that influence encryption strength
ENCRYPTION ALGORITHM
POLICIES FOR MANAGING CRYPTOGRAPHIC KEYS
KEY LENGTH
Types Of Encryption Systems
Symmetric encryption systems
Asymmetric encryption systems
Hashing
A process that takes plaintext of any length and creates a short code called a hash.
Digital Signatures
nonrepudiation
Creating legally binding agreements that cannot be unilaterally repudiated by either party
digital signature
A hash encrypted with the hash creator’s private key
Digital certificate and public key infrastructure
digital certificate
An electronic document that certifies the identity of the owner of a particular public key and contains that party’s public key
public key infrastructure (PKI)
The system for issuing pairs of public and private keys and corresponding digital certificates.
virtual private network (VPN)
Using encryption and authentication to securely transfer information over the Internet, thereby creating a “virtual” private network.