Confidentiality and Privacy Controls

Chapter 9

Copyright © 2015 Pearson Education, Inc. 9-1


Learning Objectives
• Identify and explain controls designed to protect the confidentiality of sensitive information.
• Identify and explain controls designed to protect the privacy of customers’ personal information.
• Explain how the two basic types of encryption systems work.

Protecting Confidentiality and Privacy of Sensitive Information
• Identify and classify information to protect
  ▫ Where is it located and who has access?
  ▫ Classify value of information to organization
• Encryption
  ▫ Protect information in transit and in storage
• Access controls
  ▫ Controlling outgoing information (confidentiality)
  ▫ Digital watermarks (confidentiality)
  ▫ Data masking (privacy)
• Training
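Data masking is the one control on this slide that is easiest to show in code. The example below is added here and is not from the slides or the textbook: it masks each field of a customer record according to the field's classification (the "identify and classify" step) and the viewer's role, so support staff see only the last four digits of a card or SSN, other roles see restricted fields fully redacted, and fields that were never classified are redacted for everyone except a privacy officer. The record, classification map and role names are constructed for the demo.

```python
# Added teaching example, not code from the slides: role-based data masking
# driven by a field classification. Sample record, classification map and
# role names are constructed for the demo.

SAMPLE_RECORD = {                      # constructed customer record
    "name": "Jane Doe",
    "email": "jane.doe@example.com",
    "phone": "+1-555-0100",
    "card": "4111111111111111",
    "ssn": "123-45-6789",
    "note": "prefers evening calls",   # deliberately left unclassified
}

CLASSIFICATION = {                     # constructed classification map
    "name": "internal",
    "email": "confidential",
    "phone": "confidential",
    "card": "restricted",
    "ssn": "restricted",
}

UNMASKED_ROLES = {"privacy_officer"}   # assumption: roles that may see raw data
PARTIAL_ROLES = {"support"}            # assumption: may see last 4 digits of restricted data


def mask_digits(value: str, keep: int = 4) -> str:
    """Replace every digit except the last `keep` with '*', preserving separators."""
    total = sum(ch.isdigit() for ch in value)
    to_mask = max(total - keep, 0)
    out, seen = [], 0
    for ch in value:
        if ch.isdigit():
            seen += 1
            out.append("*" if seen <= to_mask else ch)
        else:
            out.append(ch)
    return "".join(out)


def mask_email(address: str) -> str:
    """Keep the first character of the local part and the domain."""
    local, sep, domain = address.partition("@")
    if not sep:
        return "*" * len(address)
    return local[:1] + "*" * (len(local) - 1) + "@" + domain


def mask_field(value: str, level: str, viewer_role: str) -> str:
    """Apply the masking rule for one field; unknown levels fail closed."""
    if level == "internal":
        return value
    if level == "confidential":
        return mask_email(value) if "@" in value else mask_digits(value)
    if level == "restricted" and viewer_role in PARTIAL_ROLES:
        return mask_digits(value)
    return "[REDACTED]"               # restricted for other roles, or unclassified


def mask_record(record: dict, classification: dict, viewer_role: str) -> dict:
    """Return a masked copy of `record` suitable for `viewer_role`."""
    if viewer_role in UNMASKED_ROLES:
        return dict(record)
    return {
        field: mask_field(value, classification.get(field, "unclassified"), viewer_role)
        for field, value in record.items()
    }


if __name__ == "__main__":
    for role in ("privacy_officer", "support", "analyst"):
        print(role, mask_record(SAMPLE_RECORD, CLASSIFICATION, role))
```

The fail-closed default (unclassified fields are redacted) is the practical point: a masking layer that shows anything it does not recognise will leak the next field someone adds to the schema.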
Generally Accepted Privacy Principles
• Management
  ▫ Procedures and policies with assigned responsibility and accountability
• Notice
  ▫ Provide notice of privacy policies and practices prior to collecting data
• Choice and consent
  ▫ Opt-in versus opt-out approaches
• Collection
  ▫ Only collect needed information
• Use and retention
  ▫ Use information only for stated business purpose
• Access
  ▫ Customer should be able to review, correct, or delete information collected on them
• Disclosure to third parties
• Security
  ▫ Protect from loss or unauthorized access
• Quality
• Monitoring and enforcement
  ▫ Procedures in responding to complaints
  ▫ Compliance



Encryption
• Preventative control
• Factors that influence encryption strength:
  ▫ Key length (longer = stronger)
  ▫ Algorithm
  ▫ Management policies
    - Keys stored securely



Encryption Steps
• Sender of message: takes plaintext and, with an encryption key and algorithm, converts it to unreadable ciphertext.
• Receiver of message: to read the ciphertext, the encryption key reverses the process to make the information readable.
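The two steps above, together with the key-length and key-storage factors from the previous slide, are easier to see with a concrete symmetric scheme. The following is an added teaching example, not code from the slides: one shared key is used by the sender to encrypt and by the receiver to decrypt. The cipher is HMAC-SHA256 run in counter mode as a keystream generator, with an encrypt-then-MAC tag so that a wrong key or an edited message is rejected rather than decrypted into silent garbage. The construction, the minimum key length and the message layout are assumptions chosen for the demo; production code should use AES-GCM or ChaCha20-Poly1305 from a maintained library.

```python
import hashlib
import hmac
import os

# Added teaching example, not code from the slides: a minimal symmetric
# scheme where one shared key both encrypts (sender) and decrypts (receiver).
# Classroom construction only; use AES-GCM / ChaCha20-Poly1305 in practice.

NONCE_LEN = 16
TAG_LEN = 32
MIN_KEY_LEN = 16   # 128 bits; reflects the slide's "longer key = stronger" factor


def _subkeys(key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from the shared key."""
    if len(key) < MIN_KEY_LEN:
        raise ValueError(f"key must be at least {MIN_KEY_LEN} bytes")
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Produce `length` pseudorandom bytes as HMAC(enc_key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Sender side: plaintext + key + algorithm -> nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)            # fresh per message; never reuse with one key
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """Receiver side: the same key reverses the process. A wrong key or an
    edited message fails the tag check and raises instead of returning junk."""
    enc_key, mac_key = _subkeys(key)
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: wrong key or tampered message")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    shared_key = os.urandom(32)              # constructed; in practice exchanged out of band
    sealed = encrypt(shared_key, b"Q3 payroll file")
    print(decrypt(shared_key, sealed))       # b'Q3 payroll file'
```

Two details carry the slide's points: the key is never part of the message (both parties must already hold it, which is the key-distribution problem the next slide raises), and the tag check is the detective control that turns "wrong key" into an error rather than unreadable output that might be processed anyway.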



Types of Encryption

Symmetric
• Uses one key to encrypt and decrypt
• Both parties need to know the key
  ▫ Need to securely communicate the shared key
  ▫ Cannot share key with multiple parties; they get their own (different) key from the organization

Asymmetric
• Uses two keys
  ▫ Public—everyone has access
  ▫ Private—used to decrypt (only known by you)
  ▫ Public key can be used by all your trading partners
• Can create digital signatures

Virtual Private Network
• Securely transmits encrypted data between sender and receiver
  ▫ Sender and receiver have the appropriate encryption and decryption keys.

Key Terms
• Information rights management (IRM)
• Data loss prevention (DLP)
• Digital watermark
• Data masking
• Spam
• Identity theft
• Cookie
• Encryption
• Plaintext
• Ciphertext
• Decryption
• Symmetric encryption systems
• Asymmetric encryption systems
• Public key
• Private key
• Key escrow
• Hashing
• Hash
• Nonrepudiation
• Digital signature
• Digital certificate
• Certificate authority
• Public key infrastructure (PKI)
• Virtual private network (VPN)