Confidentiality and privacy (Topic 5) Flashcards

1
Q

Trust Services Framework

A

Security
• Access to the system and its data is controlled and restricted to legitimate users.

Confidentiality
• Sensitive organisational information (e.g. marketing plans, trade secrets) is protected from unauthorised disclosure.

Privacy
• Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorised disclosure.

Processing Integrity
• Data are processed accurately, completely, in a timely manner, and only with proper authorisation.

Availability
• A system and its information are available to meet operational and contractual obligations.

2
Q

Confidentiality of Intellectual Property (IP)

What to protect?

A
• Strategic plans

• Trade secrets

• Cost information

• Legal documents

• Process improvements

• All need to be secured
- As they can all be sources of competitive advantage
3
Q

Data masking (Tokenization)

A

To protect privacy, organizations run data masking programs that replace personal information with fake values before sending that data to the program development and testing system.

The fake data are called tokens; hence data masking is often referred to as tokenization.

4
Q

Steps in Securing IP (intellectual property)

A
1. Identify and classify (classify: what is the impact if it is lost?)
2. Encryption - the process of obscuring information to make it unreadable without special knowledge, access or a key
3. Controlling access - information rights management
4. Training employees on what can/can't be read, accessed, copied, deleted or downloaded
5
Q

Privacy Concerns

A

Deals with protecting customer information.
1. Spam - unsolicited e-mail that contains either advertising or offensive content.

2. Identity theft - assuming someone's identity, usually for financial gain.

Companies have access to, and thus must control, customers' personal information.

6
Q

CAN-SPAM guidelines (organizations must follow them or risk sanctions). Key provisions include the following:

A

● The sender's identity must be clearly displayed in the header of the message.

● The subject field must clearly identify the message as an advertisement or solicitation.

● The body of the message must provide recipients with a working link that can be used to opt out of future e-mail.

● The body of the message must include the sender's valid postal address.

● Organizations should not send commercial e-mail to randomly generated addresses, nor should they set up websites designed to "harvest" e-mail addresses of potential customers.

7
Q

How to preserve the confidentiality of sensitive information

A

(1) identify and classify the information to be protected,
(2) encrypt the information,
(3) control access to the information, and
(4) train employees to properly handle the information.

8
Q

How to preserve the confidentiality of sensitive information

- Identify and classify information

A
• Identify where such information resides and who has access to it
• This inventory process can be time-consuming and costly
• The next step is to classify the information in terms of its value to the organization
9
Q

How to preserve the confidentiality of sensitive information

- Protecting confidentiality (Encryption)

A

Encryption is the only way to protect information in transit over the Internet.

• It is also a necessary part of defense-in-depth to protect information stored on websites or in a public cloud.
• Encryption only protects information while it is stored or being transmitted, not during processing. Thus, the employees (such as the database administrator and data analysts) who run the programs that use sensitive information can potentially view confidential information.
10
Q

Controlling access to sensitive information

A

Information rights management (IRM) - software that offers the capability not only to limit access to specific files or documents but also to specify the actions

- Some IRM software even has the capability to limit access privileges to a specific period of time and to remotely erase protected files.

Data loss prevention (DLP) software works like antivirus programs in reverse, blocking outgoing messages (whether e-mail, IM, or other means) that contain key words or phrases associated with the intellectual property or other sensitive data the organization wants to protect. DLP software is a preventive control that examines outbound traffic.

- DLP can and should be supplemented by embedding code called a digital watermark.

Access controls designed to protect confidentiality must be continuously reviewed and modified to respond to new threats created by technological advances.

Virtualization and cloud computing also affect the risk of unauthorized access to sensitive or confidential information (highly sensitive and confidential data probably should not be stored in a public cloud because of the lack of control over where that information is actually stored and because of the risk of unauthorized access).

11
Q

Digital watermark

A

The digital watermark is a detective control that enables an organization to identify confidential information that has been disclosed.

When an organization discovers documents containing its digital watermark on the Internet, it has evidence that the preventive controls designed to protect its sensitive information have failed.

The organization should then investigate how the compromise occurred and take appropriate corrective action.

12
Q

How to preserve the confidentiality of sensitive information

- Training

A

Training is arguably the most important control for protecting confidentiality.

Employees need to know what information they can share with outsiders and what information needs to be protected.

13
Q

Privacy Regulatory Acts

A

- Spam Act 2003 (Cth)

- Cybercrime Act 2001

- Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000

14
Q

Generally Accepted Privacy Principles

A

- Management
- Notice
- Choice and consent
- Collection
- Use, retention, and disposal
- Access
- Disclosure to third parties
- Security
- Quality

15
Q

Generally Accepted Privacy Principles

- Management

A

• Procedures and policies with assigned responsibility and accountability

16
Q

Generally Accepted Privacy Principles

- Notice

A

• Provide notice of privacy policies and practices prior to collecting data

17
Q

Generally Accepted Privacy Principles

- Choice and consent


A

• Opt-in versus opt-out approaches
- Organizations should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information

18
Q

Generally Accepted Privacy Principles

- Collection

A

• Only collect needed information

One particular issue of concern is the use of cookies on websites

19
Q

Cookie

A

A text file created by a website and stored on a visitor's hard disk. Cookies store information about what the user has done on the site.

20
Q

Generally Accepted Privacy Principles

- Use, retention, and disposal

A

• Use information only for stated business purpose. When no longer useful, dispose in a secure manner.

21
Q

Generally Accepted Privacy Principles

- Access

A

• Customer should be able to review, correct, or delete information collected on them

22
Q

Generally Accepted Privacy Principles

- Disclosure to third parties

A

Organizations should disclose their customers' personal information to third parties only in the situations and manners described in the organization's privacy policies, and only to third parties who provide the same level of privacy protection as does the organization that initially collected the information.

23
Q

Generally Accepted Privacy Principles

- Security

A

• Protect from loss or unauthorized access

Achieving an acceptable level of information security is not sufficient to protect privacy. It is also necessary to train employees to avoid practices that can result in the unintentional or inadvertent breach of privacy.

24
Q

Generally Accepted Privacy Principles

- Quality


A
• Organizations should maintain the integrity of their customers' personal information and employ procedures to ensure that it is reasonably accurate.
25
Q

encryption

A

The process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext.

• Preventive control
• Decryption reverses this process
26
Q

plaintext

A
• Normal text that has not been encrypted.
27
Q

ciphertext

A
• Plaintext that was transformed into unreadable gibberish using encryption.
28
Q

decryption

A
• Transforming ciphertext back into plaintext.
29
Q

Three important factors determine the strength of any encryption system:

A

(1) key length - Longer keys provide stronger encryption by reducing the number of repeating blocks in the ciphertext.
(2) encryption algorithm - A strong algorithm is difficult, if not impossible, to break by using brute-force guessing techniques.

(3) policies for managing the cryptographic keys:
- not storing cryptographic keys in a browser or any other file that other users of that system can readily access, and
- using a strong (and long) passphrase to protect the keys.

30
Q

Types of Encryption

A

Symmetric

Asymmetric

31
Q

symmetric encryption systems

A

Encryption systems that use the same key both to encrypt and to decrypt.

• Pro: fast

• Con: vulnerable

32
Q

Asymmetric encryption systems

A

Encryption systems that use two keys (one public, the other private); either key can encrypt, but only the other matching key can decrypt.

• Pro: very secure

• Con: very slow
33
Q

Public key

A

One of the keys used in asymmetric encryption systems.

It is widely distributed and available to everyone.

34
Q

Private key

A

One of the keys used in asymmetric encryption systems.

It is kept secret and known only to the owner of that pair of public and private keys.

35
Q

Encryption

- Hybrid Solution

A

• Use symmetric encryption for encrypting the information.

• Use asymmetric encryption for encrypting the symmetric key that the recipient needs for decryption.

36
Q

Key escrow

A

Key escrow is a process that involves making copies of all encryption keys used by employees and storing those copies securely.

37
Q

Hashing

A

Converts information into a "hashed" code of fixed length.
The code cannot be converted back to the original text.
If any change is made to the information, the hash code will change, thus enabling verification of the information.

38
Q

Digital Signatures

A

Digital signature - a hash encrypted with the hash creator's private key.

Used to create legally binding agreements (two steps to create):

1. The document creator uses a hashing algorithm to generate a hash of the original document.
2. The document creator uses their private key to encrypt the hash from step 1.
Result: the encrypted hash is a legally binding signature.
39
Q

Digital certificate

A
• Electronic document that contains an entity's public key.

• Certifies the identity of the owner of that particular public key.

• Issued by a certificate authority.

• Public key infrastructure (PKI).
40
Q

certificate authority

A

An organization that issues public and private keys and records the public key in a digital certificate.

41
Q

public key infrastructure (PKI)

A

The system for issuing pairs of public and private keys and corresponding digital certificates.

42
Q

Virtual Private Network

A

Using encryption and authentication to securely transfer information over the Internet, thereby creating a "virtual" private network.

Securely transmits encrypted data between sender and receiver.

Sender and receiver have the appropriate encryption and decryption keys.

43
Q

Controls Ensuring Processing Integrity (process stages)

A
• Input
• Processing
• Output
44
Q

Controls Ensuring Processing Integrity

- Input

A
Threats and risks
Data that is:
- invalid
- unauthorised
- incomplete
- inaccurate

Controls
- Form design
- Authorisation and segregation of duties
- Visual scanning
- Data entry controls

45
Q

Input

- Cancellation and storage of source documents

A

Cancellation and storage of source documents
- Source documents that have been entered into the system should be canceled so they cannot be inadvertently or fraudulently reentered into the system.

46
Q

Input

- Form design

A

Form design
- Source documents and other forms should be designed to minimize the chances for errors and omissions.

Two particularly important form design controls:
1. All forms should be sequentially numbered. Prenumbering improves control by making it possible to verify that no documents are missing.
2. Use of turnaround documents. A turnaround document is a record of company data sent to an external party and then returned by the external party for subsequent input to the system.

47
Q

Input

Data Entry Controls

A

Source documents should be scanned for reasonableness and propriety before being entered into the system. However, this manual control must be supplemented with automated data entry controls, such as the following:

Field check
- An edit check that tests whether the characters in a field are of the correct field type (e.g., numeric data in numeric fields).
- Characters of the proper type? Text, integer, date, and so on.

Sign check
- An edit check that verifies that the data in a field have the appropriate arithmetic sign.
- Proper arithmetic sign?

Limit check
- An edit check that tests a numerical amount against a fixed value.
- Input checked against a fixed value? (e.g. hours worked per week = 40 hrs)

Range check
- An edit check that tests whether a data item falls within predetermined upper and lower limits.
- Input within the low and high range values?

Size check
- An edit check that ensures the input data will fit into the assigned field.
- Input fits within the field? (e.g. input includes more digits than the field can accept)

Completeness check
- An edit check that verifies that all required data have been entered.
- Have all required data been entered?

Validity check
- An edit test that compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists.
- Input compared with master data to confirm existence (e.g. not every 16-digit number is a valid credit card number).

Reasonableness check
- An edit check of the logical correctness of relationships among data items.
- Logical comparisons (e.g. seasonal claims).

Prompting
- Input requested by the system.

Closed-loop verification
- Uses input data to retrieve and display related data.

48
Q

Check digit verification

A

Computed from the input value to catch typing errors (e.g. in a 7-digit ID).

49
Q

Batch Input Controls

A
• Batch processing

• Batch totals

50
Q

Batch Input Controls

- Batch processing

A

• Input multiple source documents at once in a group (e.g. process a trading day's transactions together).

A sequence check tests whether a transaction file is in the proper numerical or alphabetical sequence.

51
Q

Batch Input Controls

- Batch totals

A

• Compare input totals to output totals.
- Financial total: sums a field that contains monetary values (e.g. total paid to all employees).
- Hash total: sums a non-financial numeric field (e.g. total of employee IDs).
- Record count: the number of records in a batch.
52
Q

Processing

A

Threats/risks
- Errors in output and stored data

Controls
• Data matching
• File labels
• Batch total recalculation
• Cross-footing and zero-balance tests
• Write-protection
• Concurrent update controls
53
Q

Processing controls

• Data matching
• File labels
A

Data matching
• Multiple data values must match before processing occurs (e.g. vendor info on the invoice matches the info in the purchase order and goods received report).

File labels

• Ensure the correct and most current file is being updated.

Two important types of internal labels are header and trailer records.

• The header record is located at the beginning of each file and contains the file name, expiration date, and other identification data.
• The trailer record is located at the end of the file; in transaction files it contains the batch totals calculated during input. Programs should be designed to read the header record prior to processing.
54
Q

Processing controls

• Batch total recalculation
• Cross-footing and zero-balance tests

A

Batch total recalculation
• Compare the batch totals calculated after processing to the input totals (e.g. if the computed record count exceeds the invoice count, unauthorized transactions may have been entered; if a batch total discrepancy is divisible by 9, a transposition error may have occurred).
- If the recomputed record count is larger than the original, either additional unauthorized transactions were processed, or some transaction records were processed twice. If a financial or hash total discrepancy is evenly divisible by 9, the likely cause is a transposition error.

Cross-footing and zero-balance tests

• Compute totals using multiple methods to ensure the same results.
A cross-footing balance test compares the results produced by each method to verify accuracy.
A zero-balance test applies this same logic to verify the accuracy of processing that involves control accounts.

55
Q

Processing controls

• Write-protection
• Concurrent update controls
A

Write-protection

• Eliminates the possibility of overwriting or erasing existing data (e.g. changing product prices in the database).

Concurrent update controls
• Lock records or fields while they are being updated so that multiple users are not updating them at the same time (e.g. simultaneous access to the same credit card account).

56
Q

Output

A

Threats/risks

• Use of inaccurate or incomplete reports
• Unauthorised disclosure of sensitive information
• Loss, alteration or disclosure of information in transit

Controls

• Reviews and reconciliation
• Encryption and access controls
• Parity checks
• Message acknowledgement techniques
57
Q

Output controls

A

User review of output
• Verify that output is reasonable and complete and is routed to the intended individual.

Reconciliation procedures
• Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms (e.g. the balance of the inventory control account must equal the sum of the item balances in the inventory database).

External data reconciliation
• Database totals should periodically be reconciled with data maintained outside the system.

Data transmission controls
• Checksums (digest)
- A hash of the transmitted file; the hash computed before transmission is compared with the hash computed after transmission.

• Parity checking
- A bit is added to each character transmitted so the characters can be verified for accuracy.

58
Q

parity bit

A

An extra bit added to every character; used to check transmission accuracy.

59
Q

Availability

- Key objectives

A
1. Minimize the risk of system downtime

2. Quick and complete recovery and resumption of normal operations

60
Q

Availability

- Minimize risk of system downtime (controls)

A

Preventive maintenance
• Cleaning (junk files) and proper storage (e.g. a dry place) of disk drives.

Fault tolerance
• Ability of a system to continue if a part fails (modular design).

Data centre location
• Minimise the risk of natural and human-created disasters (raised floors; fire detection; surge protection).

Training
• Trained employees are less likely to make mistakes and will know how to recover, with minimal damage, from errors they do commit.

Patch management
• Install, run and keep current antivirus and anti-spyware programs.

61
Q

Availability

Recovery and resumption of normal operations ( controls )

A
• Backup procedures
• Business Continuity Plan (BCP)
• Disaster Recovery Plan (DRP)
62
Q

Recovery ( Back up )

A

Data backup procedures
• Incremental
- Copies only the data items that have changed since the last partial backup. This produces a set of incremental backup files, each containing the results of one day's transactions.

• Differential
- Copies all changes made since the last full backup. Thus, each new differential backup file contains the cumulative effects of all activity since the last full backup. Consequently, except for the first day following a full backup, daily differential backups take longer than incremental backups.

63
Q

Business Continuity Plan (BCP)

A

How to resume not only IT operations but all business processes.

- Relocating to new offices

- Hiring temporary replacements
64
Q

Disaster Recovery Plan (DRP)

A

Procedures to restore an organisation's IT function in the event that its data centre is destroyed.

• Cold site - less popular due to the cloud
- An empty building that is prewired for the necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary equipment within a specified period of time.

• Hot site
- A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organisation needs to perform its essential business activities.

• Second data centre (real-time mirroring)
- Used for backup and site mirroring. The third option is real-time mirroring, which involves maintaining two copies of the database at two separate data centres at all times and updating both databases in real time as each transaction occurs.