Chapter 9 Flashcards
4 actions to preserve confidentiality
- id and classify information to be protected
- encryption of sensitive information
- controlling access to sensitive information
- training
Information rights management (IRM)
software that provides an additional layer of protection to specific information resources, offering the capability not only to limit access to specific files but also to specify the ACTIONS that individuals who are granted access to that resource can perform.
Data Loss Prevention Software
controls and monitors downloads of data and outbound transmissions - preventive control
Digital watermark
a detective control that enables an organization to identify confidential information that has been disclosed.
Encryption
a preventive control that can be used to protect both confidentiality and privacy. It is the process of transforming plaintext (normal content) into cipher text (unreadable gibberish).
Data Masking
programs that replace customer’s personal information with fake values before sending that data to the program development and testing system
Decryption
ciphertext into plaintext
3 important factors determine the strength of any encryption system:
- key length
- encryption algorithm
- policies for managing the cryptographic keys.
Key escrow
involve making copies of all encryption keys used by employees and storing those copies securely.
Symmetric Encryption
uses the same key to encrypt and decrypt
advantages of symmetric encryption
it is much faster than asymmetric encryption
disadvantages of symmetric encryption
- both parties need to know the secret key.
- Unique keys for each partner set.
100 customers = 100 keys. - Either party can change text: can’t sign responsibility
Asymmetric Encryption
uses two keys, public and private key. Either key can be used to encrypt, but the other key must be used to decrypt.
Advantages of Asymmetric Encryption
- solves problem of communication symmetric key.
- public key can be shared openly, web or email
- private key creates digital signature
Disadvantages of Asymmetric Encryption
much slower than symmetric and not useful for large documents/files