
Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter 9 1.


2 Trust Services Framework
Confidentiality
▫ Sensitive organizational information/intellectual property is protected from unauthorized disclosure.
Privacy
▫ Personal information about customers, employees, vendors and other business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.

3 Protecting Confidentiality and Privacy of Sensitive Information
Identify and classify information to protect
▫ Where is it located and who has access?
▫ Classify value of information to organization
Encryption
▫ Protect information in transit and in storage
Access controls
▫ Who has access and what are they allowed to do with that access (read, write, copy, delete, download)?
▫ Controlling outgoing information (confidentiality)
▫ Digital watermarks (confidentiality)
▫ Data masking (privacy)
Training
▫ Most important!
▫ Employees need to know what can or can’t be read, written, copied, deleted, or downloaded

4 CONFIDENTIALITY & PRIVACY
Key controls to protect confidentiality & privacy
Situation | Controls
Storage | Encryption and access controls
Transmission | Encryption
Disposal | Shredding, thorough erasure, physical destruction
Overall | Categorization to reflect value of information and training in proper work practices

5 Privacy Concerns
SPAM
▫ Unsolicited e-mail that contains either advertising or offensive content
▫ Problem with spam
  ▪ Overwhelms email systems, reducing efficiency
  ▪ Source of many viruses, worms, spyware programs, and other malware

6 Privacy Concerns
SPAM
▫ CAN-SPAM (2003)
  ▪ Provides criminal and civil penalties for violation of the law.
  ▪ Applies to commercial email, which is any email with a primary purpose of advertising or promotion.
  ▪ Covers most legitimate email sent by organizations to customers, suppliers, or donors to non-profits.
  ▪ Must follow guidelines (next slide)
▫ State laws

7 Privacy Concerns
Consequently, organizations must carefully follow the CAN-SPAM guidelines, which include:
▫ The sender’s identity must be clearly displayed in the message header.
▫ The subject field in the header must clearly identify the message as an advertisement or solicitation.
▫ The body must provide recipients with a working link that can be used to “opt out” of future email.
▫ The body must include the sender’s valid postal address.
▫ Organizations should not:
  ▪ Send email to randomly generated addresses.
  ▪ Set up Websites designed to harvest email addresses of potential customers.


10 Privacy Concerns
Identity Theft
▫ The unauthorized use of someone’s personal information for the perpetrator’s benefit.
▫ Companies have access to, and thus must control, customers’ personal information.
▫ Companies have an obligation to implement controls to protect information collected from their customers.
▫ Educate customers


13 Privacy Regulatory Acts
Federal regulations
▫ Health Insurance Portability and Accountability Act (HIPAA)
▫ Health Information Technology for Economic and Clinical Health Act (HITECH)
▫ Financial Services Modernization Act
Acts impose specific requirements on organizations to protect the privacy of customers’ personal information

14 Generally Accepted Privacy Principles
Management
▫ Procedures and policies with assigned responsibility and accountability
Notice
▫ Provide notice of privacy policies and practices prior to collecting data
Choice and consent
▫ Opt-in versus opt-out approaches
Collection
▫ Only collect needed information
Use and retention
▫ Use information only for stated business purpose
Access
▫ Customer should be able to review, correct, or delete information collected on them
Disclosure to third parties
Security
▫ Protect from loss or unauthorized access
Quality
Monitoring and enforcement
▫ Procedures in responding to complaints
▫ Compliance

15 Encryption
Preventative control
Factors that influence encryption strength:
▫ Key length (longer = stronger)
  ▪ Number of bits (characters) used to convert text into blocks
  ▪ 256 is common
▫ Algorithm
  ▪ Manner in which key and text are combined to create scrambled text
▫ Management policies
  ▪ Stored securely with strong access codes

16 Encryption Steps
▫ Takes plain text and, with an encryption key and algorithm, converts it to unreadable ciphertext (sender of message)
▫ To read ciphertext, the encryption key reverses the process to make the information readable (receiver of message)

17 Types of Encryption
Symmetric
▫ Uses one key to encrypt and decrypt
▫ Both parties need to know the key
  ▪ Need to securely communicate the shared key
  ▪ Cannot share key with multiple parties; they get their own (different) key from the organization
Asymmetric
▫ Uses two keys
  ▪ Public: everyone has access
  ▪ Private: used to decrypt (only known by you)
  ▪ Public key can be used by all your trading partners
▫ Can create digital signatures

18 Hashing
Converts information into a “hashed” code of fixed length.
▫ Uses every bit (characters, spaces, numbers)
The code cannot be converted back to the text.
If any change is made to the information, the hash code will change, thus enabling verification of information.

19 Comparison of Hashing and Encryption
HASHING
▫ One-way function (cannot reverse, or "unhash", to recover original document).
▫ Any size input yields same fixed-size output.
▫ For example, the SHA-256 hashing algorithm produces a 256-bit hash for each of the following:
  ▪ a one-sentence document
  ▪ a one-page document
  ▪ a 10-page document
ENCRYPTION
▫ Reversible (can decrypt ciphertext back to plaintext).
▫ Output size approximately the same as input size. For example:
  ▪ a one-sentence document becomes a one-sentence encrypted document
  ▪ a one-page document becomes a one-page encrypted document
  ▪ a 10-page document becomes a 10-page encrypted document
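An added example, not part of the original slides, showing the hashing properties from slides 18 and 19 used as an integrity check: documents of very different sizes all get a 256-bit SHA-256 hash, and a one-character change is detected. The document names and contents are constructed sample data.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as 64 hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()

def build_manifest(documents: dict) -> dict:
    """Record a digest for every document at a known-good point in time."""
    return {name: sha256_hex(body) for name, body in documents.items()}

def find_altered(documents: dict, manifest: dict) -> list:
    """Return names whose current digest no longer matches the manifest, or that are missing."""
    altered = []
    for name, expected in manifest.items():
        body = documents.get(name)
        if body is None or not hmac.compare_digest(sha256_hex(body), expected):
            altered.append(name)
    return sorted(altered)

def differing_bits(a: bytes, b: bytes) -> int:
    """Count how many of the 256 digest bits differ between two inputs."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

# Constructed sample documents of very different sizes.
SENTENCE = b"Pay vendor 1042 the amount of $1,000.00 on 1 March. "
DOCUMENTS = {
    "one_sentence.txt": SENTENCE,
    "one_page.txt": SENTENCE * 60,
    "ten_pages.txt": SENTENCE * 600,
}

if __name__ == "__main__":
    manifest = build_manifest(DOCUMENTS)
    for name, digest in manifest.items():
        size = len(DOCUMENTS[name])
        print(f"{name:18} {size:6} bytes -> {len(digest) * 4}-bit hash")
    # Change a single character in the one-page document.
    tampered = dict(DOCUMENTS)
    original = DOCUMENTS["one_page.txt"]
    tampered["one_page.txt"] = original.replace(b"$1,000.00", b"$9,000.00", 1)
    print("altered:", find_altered(tampered, manifest))
    print("digest bits changed:", differing_bits(original, tampered["one_page.txt"]))
```

The manifest itself has to be stored where someone who can alter the documents cannot also rewrite it; otherwise a changed document and a recomputed hash would still match.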

20-22 Digital Signature [three figure slides; no text in transcript]

23 Digital Certificate
Electronic document that contains an entity’s public key
Certifies the identity of the owner of that particular public key
Issued by Certificate Authority
▫ VeriSign
▫ Thawte
▫ GeoTrust


25 Virtual Private Network
Securely transmits encrypted data between sender and receiver
▫ Sender and receiver have the appropriate encryption and decryption keys.

26 Remote Desktop Gateway
A Remote Desktop Gateway (RD Gateway) server is a type of gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection
▫ Uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol (port 443) to help create a secure encrypted connection
▫ Enables Remote Desktop connections to a corporate network from the Internet without having to set up virtual private network (VPN) connections.
▫ Enables connections to remote computers across firewalls.

