9: CONFIDENTIALITY AND PRIVACY CONTROLS
PRESERVING CONFIDENTIALITY
1- identify and classify information
2- encryption
3- access controls
4- training
PRIVACY
1- PRIVACY CONTROLS
identify what information the organization possesses, where it is stored and who has access to it
to prevent programmers from having access to personal information
to protect privacy, organizations should run data masking programs
organizations should train employees on how to manage and protect personal information collected from customers
2- PRIVACY CONCERNS
SPAM
unsolicited email that contains either advertising or offensive content
IDENTITY THEFT
unauthorized use of someone's personal information for the perpetrator's benefit
3- PRIVACY REGULATIONS AND GENERALLY ACCEPTED PRIVACY PRINCIPLES
1- management
2- notice
3- choice and consent
4- collection
5- use, retention and disposal
6- access
7- disclosure to third parties
8- security
9- quality
10- monitoring and enforcement
ENCRYPTION
the process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext
FACTORS THAT INFLUENCE ENCRYPTION STRENGTH
key length
encryption algorithm
policies for managing the cryptographic keys
TYPES OF ENCRYPTION SYSTEMS
symmetric encryption
asymmetric encryption
HASHING
process that takes plaintext of any length and creates a short code called a hash
DIGITAL SIGNATURES
a two-step process
DIGITAL CERTIFICATES AND PUBLIC KEY INFRASTRUCTURE
electronic document that contains an entity's public key and certifies the identity of the owner of that particular public key
VIRTUAL PRIVATE NETWORKS (VPNS)
using encryption and authentication to securely transfer information over the internet, thereby creating a 'virtual' private network