Slide 1
Confidentiality and Privacy Controls
Chapter 9
9-1
Slide 2
Learning Objectives
Identify and explain controls designed to protect the confidentiality of sensitive information.
Identify and explain controls designed to protect the privacy of customers’ personal information.
Explain how the two basic types of encryption systems work.
Slide 3
Protecting Confidentiality and Privacy of Sensitive Information
Identify and classify information to protect
Where is it located and who has access?
Classify value of information to organization
Encryption
Protect information in transit and in storage
Access controls
Controlling outgoing information (confidentiality)
Digital watermarks (confidentiality)
Data masking (privacy)
Training
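Data masking is the one privacy control on this slide that is easy to show concretely. The following Go program is an added example and is not part of the slide deck; the Customer record layout, the sample values and the masking key are all constructed for illustration. It masks a payment card number and phone number to their trailing digits, hides an email local part, and replaces the customer ID with a keyed-hash pseudonym so that masked copies of different tables can still be joined without exposing the real identifier.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Customer is a constructed record layout for this example; the field names
// are assumptions, not a schema taken from the slides.
type Customer struct {
	ID     string // internal customer identifier
	Name   string
	Email  string
	CardNo string // payment card number
	Phone  string
}

// MaskDigits replaces all but the last `keep` characters with '*', so a
// support screen or test file shows "************1111" rather than the card number.
func MaskDigits(s string, keep int) string {
	if keep < 0 {
		keep = 0
	}
	if len(s) <= keep {
		return strings.Repeat("*", len(s))
	}
	return strings.Repeat("*", len(s)-keep) + s[len(s)-keep:]
}

// MaskEmail keeps the first character of the local part and the full domain,
// which is usually enough for troubleshooting without revealing the address.
func MaskEmail(e string) string {
	at := strings.LastIndex(e, "@")
	if at <= 0 {
		return "***"
	}
	return e[:1] + "***" + e[at:]
}

// Pseudonym derives a stable, non-reversible token from an identifier with a
// keyed hash (HMAC-SHA256). Records masked with the same key still join on
// ID, but the real identifier cannot be recovered without the key.
func Pseudonym(key []byte, id string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(id))
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

// MaskCustomer returns a copy of the record that is safe to hand to
// developers, testers or analysts who do not need the real personal data.
func MaskCustomer(key []byte, c Customer) Customer {
	return Customer{
		ID:     Pseudonym(key, c.ID),
		Name:   "REDACTED",
		Email:  MaskEmail(c.Email),
		CardNo: MaskDigits(c.CardNo, 4),
		Phone:  MaskDigits(c.Phone, 2),
	}
}

func main() {
	// Constructed sample record and a constructed masking key; a real
	// deployment would load the key from a secrets store, not from source.
	key := []byte("example-masking-key-not-for-production")
	c := Customer{ID: "C-1001", Name: "Alice Example", Email: "alice@example.com",
		CardNo: "4111111111111111", Phone: "5551234567"}
	fmt.Printf("original: %+v\n", c)
	fmt.Printf("masked:   %+v\n", MaskCustomer(key, c))
}
```

The pseudonym step is what separates masking for analytics from plain redaction: the masked data set keeps referential integrity, while the HMAC key, held only by the team that produces masked copies, is what prevents anyone downstream from reversing the tokens.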
Slide 4
Generally Accepted Privacy Principles
Management
Procedures and policies with assigned responsibility and accountability
Notice
Provide notice of privacy policies and practices prior to collecting data
Choice and consent
Opt-in versus opt-out approaches
Collection
Only collect needed information
Use and retention
Use information only for stated business purpose
Access
Customer should be able to review, correct, or delete information collected on them
Disclosure to third parties
Security
Protect from loss or unauthorized access
Quality
Monitoring and enforcement
Procedures in responding to complaints
Compliance
Slide 5
Encryption
Preventative control
Factors that influence encryption strength:
Key length (longer = stronger)
Algorithm
Management policies
Stored securely
Slide 6
Encryption Steps
Takes plaintext and, using an encryption key and algorithm, converts it to unreadable ciphertext (sender of message)
To read the ciphertext, the key reverses the process to make the information readable again (receiver of message)
Slide 7
Types of Encryption
Symmetric
Asymmetric
Uses one key to encrypt and decrypt
Both parties need to know the key
Need to securely communicate the shared key
Cannot share one key with multiple parties; each party gets its own (different) key from the organization
Uses two keys
Public—everyone has access
Private—used to decrypt (only known by you)
Public key can be used by all your trading partners
Can create digital signatures
Slide 8
Virtual Private Network
Securely transmits encrypted data between sender and receiver
Sender and receiver have the appropriate encryption and decryption keys.
Slide 9
Key Terms
Information rights management (IRM)
Data loss prevention (DLP)
Digital watermark
Data masking
Spam
Identity theft
Cookie
Encryption
Plaintext
Ciphertext
Decryption
Symmetric encryption systems
Asymmetric encryption systems
Public key
Private key
Key escrow
Hashing
Hash
Nonrepudiation
Digital signature
Digital certificate
Certificate authority
Public key infrastructure (PKI)
Virtual private network (VPN)