9) Confidentiality and Privacy Controls Flashcards
What is confidential information of organizations? (3)
- Confidential information leaks can occur when sensitive information is released without authorization.
- This information can include marketing strategies, trade secrets, financial data, research and development plans, and other proprietary information.
- Leaks can cause significant damage to a company’s reputation, including loss of customers, legal and regulatory fines, loss of revenue, and difficulty finding new partners.
Define confidentiality and privacy controls?
- A confidentiality and privacy controls are security measures or mechanisms designed to safeguard sensitive information from unauthorized access, disclosure, or modification.
What do confidentiality and privacy controls aim to do?
- Confidentiality and privacy controls aim to ensure that only authorized individuals or entities can access certain data or information, protecting it from being viewed, tampered with, or stolen by unauthorized parties.
Define a privacy control
Privacy control is the use of administrative, technical,
and physical safeguards to protect personal data from
unauthorized access, use, or disclosure
What are the primary privacy controls concerns? (2)
1) Spam: unsolicited e-mail that contains either
advertising or offensive content
2) Identity Theft: Assuming someone’s identity, usually
for economic gain. The unauthorized use of
someone’s personal information for the perpetrator’s benefit.
According to Southern African Fraud __________ Services
(SAFPS’s) latest fraud statistics assessed between April 2022 and April 2023, impersonation fraud has increased by ___ %.
prevention
356
True or false, Most of these crimes are inherent in signature and document forgery. This is why it is important to have confidential and privacy controls
True
What are the 6 best practices for protecting client confidentiality? (6)
1) Use a secure file sharing and messaging platform
2) Control access to physical documents in the workplace
3) comply with industry regulations
4) Hsot routine security training for staff
5) Stay alert for new security threats
6) Utilize up-to-date security technology
What are the strategies for preserving confidentiality and privacy? (6)
Describe the types of data encryption? (2)
- Symmetric encryption: A cryptographic technique that uses the same key to encrypt and decrypt data
- Asymmetric Encryption: A cryptographic technique that uses the notion of a key pair: a different key is used for the encryption and decryption process.
What is symmetric encryption? (6)
- Uses one key to encrypt and decrypt
- Both parties need to know the key
- Need to securely communicate the shared key
- Cannot share key with multiple parties, they
get their own (different) key from the
organization - The major weakness is that the key must be
securely shared before two parties may
communicate securely. - Symmetric keys are often shared via an out-ofband method, such as via face-to-face discussion
What is an example of symmetric encyption?
Secure messaging apps (e.g., WhatsApp, Signal): These messaging platforms use symmetric encryption, such as the Signal Protocol, to ensure that messages are
encrypted end-to-end, allowing only the intended recipients to read the content.
What is asymmetric encryption? (6)
- Uses two keys; one key is made public, the other key is kept private
- Public—everyone has access
- Private—used to decrypt (only known by
you) - Public key can be used by all your trading partners
- Can create digital signatures
- Asymmetric encryption, on the other hand, was created to solve the inherent issue of symmetric encryption: the need of sharing a single encryption key that is used both for encrypting and decrypting data.
What are the differences betwen symmetric and asymmetric encryption? (6)
What are the Techniques for enhancing data privacy in documents? (2)
1) Hashing
2) Digital structures