Chapter 9

Question 1

4 actions to preserve confidentiality

Answer 1

1. id and classify information to be protected
2. encryption of sensitive information
3. controlling access to sensitive information
4. training

Question 2

Information rights management (IRM)

Answer 2

software that provides an additional layer of protection to specific information resources, offering the capability not only to limit access to specific files but also to specify the ACTIONS that individuals who are granted access to that resource can perform.

Question 3

Data Loss Prevention Software

Answer 3

controls and monitors downloads of data and outbound transmissions - preventive control

Question 4

Digital watermark

Answer 4

a detective control that enables an organization to identify confidential information that has been disclosed.

Question 5

Encryption

Answer 5

a preventive control that can be used to protect both confidentiality and privacy. It is the process of transforming plaintext (normal content) into cipher text (unreadable gibberish).

Question 6

Data Masking

Answer 6

programs that replace customer’s personal information with fake values before sending that data to the program development and testing system

Question 7

Decryption

Answer 7

ciphertext into plaintext

Question 8

3 important factors determine the strength of any encryption system:

Answer 8

1. key length
2. encryption algorithm
3. policies for managing the cryptographic keys.

Question 9

Key escrow

Answer 9

involve making copies of all encryption keys used by employees and storing those copies securely.

Question 10

Symmetric Encryption

Answer 10

uses the same key to encrypt and decrypt

Question 11

advantages of symmetric encryption

Answer 11

it is much faster than asymmetric encryption

Question 12

disadvantages of symmetric encryption

Answer 12

1. both parties need to know the secret key.
2. Unique keys for each partner set.
   100 customers = 100 keys.
3. Either party can change text: can’t sign responsibility

Question 13

Asymmetric Encryption

Answer 13

uses two keys, public and private key. Either key can be used to encrypt, but the other key must be used to decrypt.

Question 14

Advantages of Asymmetric Encryption

Answer 14

1. solves problem of communication symmetric key.
2. public key can be shared openly, web or email
3. private key creates digital signature

Question 15

Disadvantages of Asymmetric Encryption

Answer 15

much slower than symmetric and not useful for large documents/files

Question 16

Hashing

Answer 16

takes plaintext of any length and transforms it into a short code, hash. It provides data integrity and support digital signature

Question 17

Digital certificate

Answer 17

is an electronic document, created and digitally signed by trusted 3rd party. certifies the id of the owner of a particular public key and contains the party’s public key. Issued by certificate authorities. like a passport or license

Question 18

nonrepudiation

Answer 18

how to create legally binding agreements that cannot be unilaterally repudiated by either party.

Question 19

Digital signature

Answer 19

a has of a document that is encrypted using the document creator’s private key

Question 20

Public Key Infrastructure

Answer 20

the system for issuing pairs of public and private keys and corresponding digital certificates.

Question 21

Virtual Private Networks

Answer 21

Create encrypted tunnel between devices. SSL in the browser, IPSec connects between hosts and networks