Chapter 4: TECHNICAL MEASURES AND PRIVACY-ENHANCING TECHNOLOGIES Flashcards

1
Q

What are the different data strategies

A

- Separated data
- Minimizing data
- Abstracting data
- Hiding data

2
Q

What is separated data strategy

A

To minimize the risk of a threat actor using multiple sources of data to correlate information about a particular individual, data may be separated through distribution or isolation.

3
Q

What is distribution in separated data strategy

A

- One method of separation is to distribute the collected information by either logically or physically segregating it.
- Logical separation may mean placing restricted access on sensitive data that only allows certain users to access it.
- Physical separation might be accomplished by placing different data sets on different, physically distinct servers.

4
Q

What is minimizing data strategy

A

Minimization involves limiting the amount of personal information that needs to be processed.

5
Q

What are the different steps of minimizing data strategy

A

- Exclude unnecessary data: Information that is not critical to the purpose of collection should be excluded from collection at the start. Process designers should examine the privacy implications of the information being collected to determine if collection is truly necessary, or if a design change could minimize the amount of information collected.
- Select what data will be processed: Selection is similar to exclusion; an organization or commercial entity can decide, case by case, to process only relevant personal information.
- Strip unnecessary data: Stripping allows for removal of unnecessary information for further processing or distribution.
- Destroy data when it is no longer needed: Once any personal information is no longer needed, organizations should plan to destroy it or remove it completely from a system.

6
Q

What is abstraction data strategy

A

Abstraction limits the amount of detail in which personal information is processed.

7
Q

What are the common ways to abstract data

A

- Group: Grouping aggregates data into correlated sets rather than processing it individually. Algorithms are sometimes used to “crowdsource” connections by grouping individuals based on previous purchases.
- Summarize: Summarizing puts detailed information into categories based on more abstract attributes. While grouping information is about correlations, summarizing separates out a data element about individuals from correlated groups.
- Perturb: Perturbing adds approximation or “noise” to data to reduce its specificity.

8
Q

What is hiding data strategy

A

Hiding protects personal information by making it unconnectable or unobservable to others.

9
Q

What are the ways in which information can be protected by implementing a hiding strategy

A

- Restrict: Restricting prevents unauthorized access.
- Mix: Mixing processes personal information randomly within a large group to reduce correlation. Mixing the data would provide the needed information without revealing personal details that could be traced back to a specific individual or household.
- Obfuscate: Obfuscation obstructs the ability to read or understand personal information, for example by encryption, hashing or coding.
- Dissociate: Dissociation removes the correlation between subjects and their personal information.

10
Q

What is the aggregation technique

A

Information is expressed in a summary form that reduces the value and quality of data as well as the connection between the data and the individual it belongs to.

11
Q

What are the factors of aggregated data

A

- Frequency versus magnitude data: When reviewing aggregate data, you must first determine if the data is frequency data or magnitude data.
- Noise addition through differential privacy: When data is aggregated, personal identifiers are removed from the data set being shared.

12
Q

What are deidentification techniques

A

Deidentification is one of the primary techniques used to prevent an individual’s identity from being connected to their personal information.

13
Q

How can deidentification be accomplished

A

- Tokens: Tokenization is a system of deidentifying data which uses random tokens as stand-ins for meaningful data. This process can be used to replace sensitive data with data that is not sensitive because it has no meaning.
- Anonymization: In anonymized data, direct and indirect identifiers have been removed, and mechanisms have been put in place to prevent reidentification.
- Pseudonymization: Data is pseudonymized by replacing individual identifiers (such as names) with numbers, letters, symbols, or a combination of these, such that data points are not directly associated with a specific individual.
- k-anonymity, l-diversity and t-closeness: These are three techniques that have been developed to reduce the risk that the anonymity of a data set is compromised by someone who combines it with known information to make assumptions about individuals in the data set.

14
Q

What is encryption technique

A

Encryption is used to protect privacy in an increasingly digital world. Encryption is the rapid scrambling of collected information so that reading it requires authorized access.

Encrypted information is far less likely to be compromised and is better protected when sent over the internet or stored on a laptop.

15
Q

What are the concepts of encryption

A
• Algorithms are mathematical applications applied to a block of data.
- Symmetric and asymmetric encryption: There are two kinds of encryption, symmetric and asymmetric. Symmetric encryption uses the same key for encryption and decryption; asymmetric encryption uses one key for encryption and another key for decryption.
- Application encryption, also known as file-level or document-based encryption, provides built-in encryption that is applied throughout a program (for example, databases, word processors and email programs).
- Record encryption: records are encrypted one record at a time.
- Field encryption provides the ability to encrypt specific fields of data; typically, fields that are considered sensitive, such as credit card numbers or health-related information.
- Quantum encryption, also called quantum cryptography, uses the principles of quantum mechanics to encrypt messages in a way that prevents anyone other than the intended recipient from reading them.
- Public-key infrastructure makes public-key cryptography workable by providing tools for obtaining and verifying public keys that belong to individuals, web servers, organizations and other entities that require digital identification.
- Homomorphic encryption allows encrypted information to be manipulated without first being decrypted.
- Polymorphic encryption: the algorithm (the encryption/decryption pair) is mutated with each copy of the code, while the outcome of the encryption remains the same for any given key.
- Mix networks, also known as onion routing networks, are a way to hide one’s traffic within a crowd by combining traffic from multiple computers into a single channel that is sent between multiple computers, and then separating the traffic out again.
- Secure multiparty computation is a class of algorithms that allow programs running on different computers to participate in computations such that results can be computed without compromising each party’s private data.
- Private information retrieval (PIR) is a range of protocols through which data can be retrieved from a database without revealing to the database or another observer the information that is retrieved.

16
Q

What is private information retrieval

A

Private information retrieval (PIR) is a range of protocols through which data can be retrieved from a database without revealing to the database or another observer the information that is retrieved

17
Q

What is private data in private information retrieval

A

Currently multiparty computation algorithms are faster than homomorphic encryption algorithms but harder to set up because of the need to coordinate the computations

18
Q

What is identity and access management (1)

A

Access management is an essential tool in enforcing privacy requirements regarding who is able to access data.

19
Q

What is the legal basis for processing the data

A

- Principle of least privilege: The idea of least privilege focuses on granting individuals and services the lowest possible access rights to resources that still allow them to perform required duties. This practice minimizes the ability of the user to access unnecessary resources or execute unneeded programs.

- User- and role-based access controls: Both user-based and role-based access controls allow administrators to manage and control the access rights of a set of individuals in the same way they can manage access controls for one person.

20
Q

What is the common approach in processing data

A

• TIP: A common approach is a hybrid of role-based and user-based access controls. The role-based controls are used for the “standard” access control settings, and the user-based controls are meant for exceptions to the rule. This way, a company can quickly identify outliers during a privacy breach.

21
Q

What is authentication

A

- Authentication ensures that the right individuals are accessing the right resources.
- Authentication may require a single factor, using only one of the aforementioned categories (for example, a password, a PIN number, an RFID card, or a fingerprint); or multiple factors, such as requiring an individual to scan an ATM card plus enter the correct PIN number, or to enter an ID and password plus a code that is sent to the user’s cell phone.

22
Q

What are the four categories of authentication

A

1. Something you know—for example, a user name or password;
2. Something you are—such as fingerprints or face or voice recognition;
3. Something you have—such as tokens, keys, ID badges, and smart cards; or,
4. Where you are—for example, a physical location that matches the expected location.

23
Q

What are the different types of authentication

A
• Multifactor authentication, such as LaunchKey, reduces the risk of undesired access to resources, especially sensitive resources, by requiring more than one method of authentication to verify a user’s identity.
• Domain-based Message Authentication, Reporting & Conformance is an email authentication, policy and reporting protocol that protects a domain from being used in phishing emails, spoofing, and other email scams and cyberthreat activities.
• Digital Rights Management is used to ensure that digital content is only delivered to those who are authorized to receive it. It can also limit what assigned users can do with the content.

24
Q

What are process-oriented strategies

A

Process-oriented strategies often focus on four main areas: (1) enforcing policies and processes, (2) demonstrating compliance, (3) informing the individual, and (4) providing user control.

25
Q

What is enforcing policies and processes in the process-oriented strategy

A

- Organizations must commit to processing personal information in a privacy-friendly way and to ensuring these commitments are honored.
- Policies, such as when to use encryption, should be routinely analyzed and applied at the appropriate level.
- In a privacy-by-design model this would generally be done at the implementation phase; however, some processes and policies are context-specific and should be developed as such.

26
Q

What is demonstrating compliance in the process-oriented strategy

A

An organization can demonstrate to regulators that it is processing personal information according to its established privacy policies and procedures.

27
Q

What is informing the individual in the process-oriented strategy

A

An organization informs individuals about the processing of their personal information by providing a privacy notice and being transparent about how their information will be collected, used and shared.

28
Q

What is providing user control in the process-oriented strategy

A

Applying the strategy of giving individuals control over their personal information allows for a more balanced relationship between the individual and an organization.

29
Q

What do organizations need to do when enforcing policies in the process-oriented strategy

A

- Create: Organizations should create internal privacy policies that best describe how the organization wishes to manage—and plans to protect—personal information.
- Maintain: Organizations should maintain established policies and processes to ensure consistency of privacy practices throughout the organization.
- Uphold: Organizations should uphold privacy and data protection policies as guiding principles across the organization, treating personal information as an asset and privacy as a primary goal.

30
Q

What steps need to be followed when demonstrating compliance

A

- Log: Track all processing of data and review the information for anything that may present a risk. Any deviations from standard processing procedures, whether due to design, chance, or malicious actions, should be logged. Logs should be periodically reviewed so that post-activity sanctions, process changes or technology changes can be imposed.
- Audit: Perform audits regularly to ensure that logging and organizational activities are following established processes. Auditing provides visibility and an understanding of risks and ensures that both formal and informal processes are identified, managed and followed.
- Report: Periodically collect information on tests, audits, and logs, and report feedback to those personnel who are responsible for policy and process implementation within the organization. This allows organizations to look at their privacy activities holistically and to use that information to improve privacy practices and processes.

31
Q

What should an organization inform individuals of in the process-oriented strategy

A

- Supply: Users should be informed about what personal information is being processed, as well as organizational policies and procedures for processing, and potential risks.
- Notify: Individuals should be notified by the organization if the personal information they provided has been breached or if the organization wishes to use the information in a manner inconsistent with the original disclosure or consent.
- Explain: Privacy notices should provide information in a concise and understandable form and clearly explain why the processing is necessary.

32
Q

What measures can be used to provide individuals with control

A

- Consent: The organization processes only personal information that has been freely given based on explicit and informed consent.
- Choice: The organization allows the individual to select or exclude the personal information that can be processed.
- Retract: The organization honors the individual’s right to have any personal information removed in a timely manner, if requested.