Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 9: CONFIDENTIALITY AND PRIVACY CONTROLS - Coggle Diagram
CHAPTER 9: CONFIDENTIALITY AND PRIVACY CONTROLS
PRESERVING CONFIDENTIALITY
(1) identify and classify the information to be protected
(4) train employees to properly handle the information
(2) encrypt the information
(3) control access to the information
Information rights management (IRM)
Software that offers the capability not only to limit access to specific files or documents but also to specify the actions (read, copy, print, download, etc) that individuals
who are granted access to that
resource can perform.
Data loss prevention (DLP)
Software which works like
antivirus programs in reverse, blocking outgoing messages (e-mail, instant messages, that contain key words or phrases associated with intellectual property or other sensitive data the organization wants to protect
Digital watermark - Code
embedded in documents that enables an organization to identify confidential information
that has been disclosed
Training is arguably the most important control for protecting confidentiality. Employees need
to know what information they can share with outsiders and what information needs to be
protected.
PRIVACY CONTROLS - the first step to protect the privacy of personal information collected from customers, employees, suppliers, and business partners is to identify what information the organization possesses, where it is stored, and who has access to it
Data masking - Protecting
privacy by replacing sensitive personal information with fake data. Also called tokenization
PRIVACY CONCERNS
Spam - Unsolicited e-mail that
contains either advertising or
offensive content.
identity theft - Assuming someone’s identity, usually for economic gain.
Encryption - The process of
transforming normal text, called
plaintext, into unreadable gibberish, called ciphertext
Plaintext - Normal text that has
not been encrypted.
Ciphertext - Plaintext that was
transformed into unreadable
gibberish using encryption
Decryption - Transforming
ciphertext back into plaintext
TYPES OF ENCRYPTION SYSTEMS - symmetric encryption systems - Encryption systems that use the same key both to encrypt and
to decrypt.
Asymmetric encryption systems -
Encryption systems that use two keys (one public, the other private);either key can encrypt,
but only the other matching key can decrypt.
Public key - One of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone.
Private key - One of the keys used in asymmetric encryption systems. It is kept secret and known only to the owner of that pair of public and private keys
key escrow - The process of
storing a copy of an encryption key in a secure location.
Hashing - Transforming plaintext
of any length into a short code
called a hash.
Hash - Plaintext that has been
transformed into short code
Nonrepudiation - Creating
legally binding agreements that cannot be unilaterally repudiated by either party
Digital signature - A hash
encrypted d with the hash
creator’s private key.