1 / 9

Confidentiality and Privacy Controls

Confidentiality and Privacy Controls. Chapter 9. Learning Objectives. Identify and explain controls designed to protect the confidentiality of sensitive information. Identify and explain controls designed to protect the privacy of customers’ personal information.

kipp
Télécharger la présentation

Confidentiality and Privacy Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Confidentiality and Privacy Controls Chapter 9

  2. Learning Objectives • Identify and explain controls designed to protect the confidentiality of sensitive information. • Identify and explain controls designed to protect the privacy of customers’ personal information. • Explain how the two basic types of encryption systems work.

  3. Protecting Confidentiality and Privacy of Sensitive Information • Identify and classify information to protect • Where is it located and who has access? • Classify value of information to organization • Encryption • Protect information in transit and in storage • Access controls • Controlling outgoing information (confidentiality) • Digital watermarks (confidentiality) • Data masking (privacy) • Training

  4. Generally Accepted Privacy Principles • Management • Procedures and policies with assigned responsibility and accountability • Notice • Provide notice of privacy policies and practices prior to collecting data • Choice and consent • Opt-in versus opt-out approaches • Collection • Only collect needed information • Use and retention • Use information only for stated business purpose • Access • Customer should be able to review, correct, or delete information collected on them • Disclosure to third parties • Security • Protect from loss or unauthorized access • Quality • Monitoring and enforcement • Procedures in responding to complaints • Compliance

  5. Encryption • Preventative control • Factors that influence encryption strength: • Key length (longer = stronger) • Algorithm • Management policies • Stored securely

  6. Encryption Steps Takes plain text and with an encryption key and algorithm, converts to unreadable ciphertext(sender of message) To read ciphertext, encryption key reverses process to make information readable (receiver of message)

  7. Types of Encryption Symmetric Asymmetric • Uses one key to encrypt and decrypt • Both parties need to know the key • Need to securely communicate the shared key • Cannot share key with multiple parties, they get their own (different) key from the organization • Uses two keys • Public—everyone has access • Private—used to decrypt (only known by you) • Public key can be used by all your trading partners • Can create digital signatures

  8. Virtual Private Network • Securely transmits encrypted data between sender and receiver • Sender and receiver have the appropriate encryption and decryption keys.

  9. Key Terms • Information rights management (IRM) • Data loss prevention (DLP) • Digital watermark • Data masking • Spam • Identity theft • Cookie • Encryption • Plaintext • Ciphertext • Decryption • Symmetric encryption systems • Asymmetric encryption systems • Public key • Private key • Key escrow • Hashing • Hash • Nonrepudiation • Digital signature • Digital certificate • Certificate of authority • Public key infrastructure (PKI) • Virtual private network (VPN)

More Related