9. Confidentiality and Privacy Controls Flashcards
What is confidentiality?
Confidentiality relates to organizational intellectual property, which includes strategic plans, trade secrets, cost information, legal documents, etc.
Describe the controls that can be used to protect the confidentiality of sensitive information.
Tip: a) encryption, b) authorization and authentication, c) training is the most important aspect of ensuring confidentiality, but training who?
a) encrypt the information
b) control access to the information, authorization and authentication
c) train employees to properly handle the information. Training is the most important part of ensuring confidentiality; employees need to know what can and cannot be shared.
What is privacy and how to protect privacy?
Tip: the controls are the same as to protect confidentiality.
Privacy focuses on protecting personal information about customers, vendors, employees, and business partners.
What is the main goal of the generally accepted privacy principles (GAPP) framework?
Tip: guidance
The generally accepted privacy principles (GAPP) framework provides guidance on how to protect the personal information the organization collects from customers, suppliers and employees.
Encryption is a preventative control
What types of encryption are there?
Encryption is a preventative control. The types of encryption are symmetric and asymmetric.
Explain symmetric encryption
Symmetric encryption uses one key to both encrypt and decrypt, so both parties need to know the key. The transaction speed is fast.
Explain asymmetric encryption
Asymmetric encryption uses two keys: one key is public and the other key is private, which is used to decrypt. Transaction speed is slow, but it can create digital signatures.
Explain digital signatures
Tip: hashing
Hashing (digital signatures)
Hashing transforms plaintext of any length into a short code called a hash.
Digital signature
A hash encrypted with the hash creator's private key.
The hash cannot be converted back to the original text, and each time the document changes, a new hash is generated. That's why digital signatures can be used as legally binding documents.