Chapter 9: Confidentiality and Privacy Controls - Coggle Diagram
Preserving Confidentiality
PROTECTING CONFIDENTIALITY WITH ENCRYPTION
way to protect information in transit over the Internet
necessary part of defense-in-depth to protect information stored on websites or in a public cloud
CONTROLLING ACCESS TO SENSITIVE INFORMATION
software
Information rights management (IRM)
provides an additional layer of protection to sensitive information that is stored in digital format, offering the capability not only to limit access to specific files or documents but also to specify the actions
data loss prevention (DLP)
works like antivirus programs in reverse, blocking outgoing messages
digital watermark
Code embedded in documents that enables an organization to identify confidential information that has been disclosed.
IDENTIFY AND CLASSIFY INFORMATION TO BE PROTECTED
identify where such information resides and who has access to it
TRAINING
Employees need to know what information they can share with outsiders and what information needs to be protected
Privacy
PRIVACY REGULATIONS AND GENERALLY ACCEPTED PRIVACY PRINCIPLES
GAPP identifies 10 internationally recognized best practices for protecting the privacy of customers’ personal information
Disclosure to third parties.
Access
Security
Use, retention, and disposal
Management
Notice
Choice and consent.
Collection
Quality
Monitoring and enforcement
PRIVACY CONTROLS
protect the privacy of personal information collected from customers, employees, suppliers, and business partners is to identify what information the organization possesses, where it is stored, and who has access to it
data masking
Protecting privacy by replacing sensitive personal information with fake data. Also called tokenization (fake data)
PRIVACY CONCERNS
SPAM
unsolicited e-mail that contains either advertising or offensive content
IDENTITY THEFT
the unauthorized use of someone’s personal information for the perpetrator’s benefit
Encryption
FACTORS THAT INFLUENCE ENCRYPTION STRENGTH
Three factors determine the strength of any encryption system
1) key length
Longer keys provide stronger encryption by reducing the number of repeating blocks in the ciphertext
2) encryption algorithm
The nature of the algorithm used to combine the key and the plaintext is important
3) policies for managing the cryptographic keys
The management of cryptographic keys is often the most vulnerable aspect of encryption systems
TYPES OF ENCRYPTION SYSTEMS
HASHING
a process that takes plaintext of any length and creates a short code called a hash.
DIGITAL SIGNATURES
An important issue for business transactions has always been nonrepudiation
DIGITAL CERTIFICATES AND PUBLIC KEY INFRASTRUCTURE
digital certificate
an electronic document that contains an entity’s public key and certifies the identity of the owner of that particular public key
certificate authority
An organization that issues public and private keys and records the public key in a digital certificate.
public key infrastructure (PKI)
The system for issuing pairs of public and private keys and corresponding digital certificates
VIRTUAL PRIVATE NETWORKS (VPNS)
To protect confidentiality and privacy, information must be encrypted not only within a system, but also when it is in transit over the Internet