
CONFIDENTIALITY AND PRIVACY CONTROLS
Amara Prabasari / 119211078
Preserving Confidentiality
There are four basic actions that must be taken in order to protect and maintain the confidentiality of sensitive information of an organization, namely:

Preservation of Confidentiality and Privacy:
• Identify and Classify Information
• Encryption
• Access Control
• Training

Identify and Classify Information to be Protected
The first step to protecting the confidentiality of intellectual property and other sensitive business information is to identify where the information is located and who has access to that information. Once identified, the next step is to classify the information according to its value to the company.

Protecting Confidentiality with Encryption
Encryption is the only way to protect information in transit over the internet. Encryption is also required in defense-in-depth to protect information stored on websites or in the public cloud. Encryption is not, however, the most powerful weapon. Some sensitive information, such as process shortcuts, is not stored digitally, so it cannot be protected by encryption.

Controlling Access to Sensitive Information
Access control provides an additional layer of protection for specific files or documents, and also limits the actions that users who have been granted access to a resource can take. Access controls designed to protect confidentiality must be continuously evaluated in response to any new threats created by advances in technology.

Training
Training can be the most important control for protecting and maintaining confidentiality. Employees must know what information they can share with outsiders and what information needs to be protected. They should also be taught how to protect confidential data.

PRIVACY
In the framework of trust service, privacy is closely related to the principle of confidentiality. The basic difference between privacy and confidentiality is that privacy focuses more on protecting customer personal data than on protecting company data.

Privacy Control
1. SPAM
SPAM is e-mail containing advertising or offensive content. SPAM is an issue related to privacy. Spam not only reduces the efficiency of e-mail, it can also give rise to viruses, worms, spyware programs, as well as other malware.
Organizations deal with it through, among others, the following:
• The sender's identity must be completely shown in the header of the message
• The subject must be identified
• The message body must provide a working link
• The body of the message must include a valid postal address
• The organization does not send random messages

2. IDENTITY THEFT
Identity theft is the irresponsible use of someone's personal information for certain benefits.

Privacy Regulations and Generally Accepted Privacy Principles
Below are described 10 customer privacy protection practices:

1. Management
2. Notice
3. Choice and Consent
4. Collection
5. Use and Retention
6. Access
7. Disclosure to third parties
8. Security
9. Quality
10. Monitoring and Enforcement

Encryption
Encryption is a preventive control measure that can be used to protect both confidentiality and privacy. Encryption is the process of changing normal content, called plaintext, into unreadable content, called ciphertext. Decryption reverses this process, turning ciphertext back into plaintext. Encryption and decryption involve the use of keys and algorithms. To produce the original document, first divide the ciphertext into 123-bit blocks and then agree on the decryption key for each block.

1. Factors that Influence Encryption Strength
- Key length
- Encryption algorithm
- Cryptographic keys

2. Types of Encryption Systems
- Symmetric encryption system
- Asymmetric encryption system

3. Hashing
Hashing is a process that takes a long plaintext and converts it into a short code called a hash. Hashing algorithms use each bit of the original plaintext to compute the hash value.

4. Digital Signatures
A digital signature is a hash of a document or file encrypted using the private key of the document's creator. Digital signatures provide evidence of two things: that a copy of the document or file has not been changed, and who made the original version of the digital document or file. The digital signature therefore provides assurance that a person cannot enter into a digital transaction and then subsequently deny having done so and refuse to fulfill the contract.
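
The hashing and digital signature descriptions above can be traced in code. This is an added example, not part of the original slides: it signs a SHA-256 hash with a toy RSA key built from small known primes (an assumption made so it runs with the standard library only), and the parties, contract text and function names are constructed for illustration.

```python
import hashlib

# Toy RSA key pairs built from known Mersenne primes so the example needs no
# third-party library. Far too small and structured for real use; real
# signatures use a vetted library, 2048-bit+ keys and padding such as PSS.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(document: bytes, n: int) -> int:
    """Hash the whole document with SHA-256 and reduce it into the key's range."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private_key) -> int:
    """Signature = hash of the document transformed with the creator's private key."""
    n, d = private_key
    return pow(digest(document, n), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Undo the private-key step with the public key and compare to a fresh hash."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(document, n)

# Constructed sample data (hypothetical parties and contract text).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, _BOB_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
CONTRACT = b"Alice agrees to pay Bob 1,000 USD on delivery."
TAMPERED = b"Alice agrees to pay Bob 9,000 USD on delivery."

def demo():
    sig = sign(CONTRACT, ALICE_PRIV)
    return {
        # One changed character yields a different hash of the document.
        "hash_changes": hashlib.sha256(CONTRACT).digest()
        != hashlib.sha256(TAMPERED).digest(),
        "valid": verify(CONTRACT, sig, ALICE_PUB),        # unaltered, from Alice
        "tampered": verify(TAMPERED, sig, ALICE_PUB),     # altered copy
        "wrong_signer": verify(CONTRACT, sig, BOB_PUB),   # not made with Bob's key
    }

if __name__ == "__main__":
    print(demo())
```

The `valid` and `tampered` results correspond to the first piece of evidence (the copy has not been changed), and `wrong_signer` to the second (who made the original), which is what prevents the signer from later denying the transaction.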

5. Digital Certificates and Public Key Infrastructure

Digital certificates contain a pair of electronic keys that can be used to encrypt and sign digital information. Digital certificates make it possible to verify someone's claim to have the right to use a given key, helping to prevent people from using fake keys to impersonate users. When used in conjunction with encryption, digital certificates provide a more complete security solution, ensuring the security of the identity of all parties involved in a transaction. Digital certificates can be used for various electronic transactions such as e-mail, electronic commerce, groupware and electronic money transfers.

6. Virtual Private Networks (VPNs)

A VPN is a private connection through a public network or the internet. When we use a VPN, it is as if we are creating a network within the network, a so-called tunnel. A VPN uses one of three existing tunneling technologies, namely: PPTP, L2TP and the latest standard, Internet Protocol Security (commonly abbreviated as IPSec). A VPN is a combination of tunneling and encryption technology. A VPN works as follows:

a) A server is needed to connect the PCs; it can be a computer with a VPN server application or a router.
b) The computer with the VPN Client application contacts the VPN Server. The VPN Server then verifies the username and password and, if successful, gives a new IP address to the client computer, and a connection / tunnel is formed.
c) The client computer can then be used to access various resources (computers or LANs) that are on the VPN Server.

Thank You!
