Professional Documents
Culture Documents
Information Systems Controls For System Reliability - Part 2: Confidentiality and Privacy
Information Systems Controls For System Reliability - Part 2: Confidentiality and Privacy
Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy
9-1
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
Learning Objectives
Confidentiality (Chapter 8)
Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from
unauthorized disclosure.
Privacy
Personal information about customers is collected, used, disclosed, and maintained only
in compliance with internal policies and external regulatory requirements and is
protected from unauthorized disclosure.
Strategic plans
Trade secrets
Cost information
Legal documents
Process improvements
Trainingj
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-5
Privacy
Same controls
Identification and classification
Encryption
Access control
Training
SPAM
Unsolicited e-mail that contains either advertising or offensive content
CAN-SPAM (2003)
Criminal and civil penalties for spamming
Identity Theft
The unauthorized use of someone’s personal information for the
perpetrator’s benefit.
Companies have access to and thus must control customer’s personal
information.
1. Management 6. Access
Procedures and policies Customers should be capable of
Assignment of responsibility reviewing, editing, deleting
information
2. Notice
7. Disclosure to 3rd Parties
To customers of policies
Based on policy and only if 3rd party
has same privacy policy standard
3. Choice and Consent
Allow customers consent over 8. Security
information provided, stored Protection of personal information
4. Collection
9. Quality
Only what is necessary and stated in
Allow customer review
policy
Information needs to be reasonably
5. Use and Retention accurate
Based on policy and only for as long
as needed for the business 10. Monitor and Enforce
Ensure compliance with policy
Key length
Number of bits (characters) used to convert text into blocks
256 is common
Algorithm
Manner in which key and text is combined to create scrambled text
Symmetric
One key used to both encrypt and decrypt
Pro: fast
Con: vulnerable
Asymmetric
Different key used to encrypt than to decrypt
Pro: very secure
Con: very slow
Hybrid Solution
Use symmetric for encrypting information
Use asymmetric for encrypting symmetric key for decryption
If any change is made to the information the hash code will change,
thus enabling verification of information.
Hash of a document
Using document creators key
Provides proof:
That document has not been altered
Of the creator of the document