Information Systems Controls for System Reliability Part 2: Confidentiality and Privacy
Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall
Learning Objectives
Identify and explain controls designed to protect the confidentiality of sensitive corporate information.
Identify and explain controls designed to protect the privacy of customers' personal information.
Confidentiality (Chapter 8)
Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
Privacy
Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
Legal documents
Process improvements
All need to be secured
Steps in Securing IP
Identification and Classification
Where is the information, who has access to it?
Classify value of information
Encryption
The process of obscuring information to make it unreadable without special knowledge, key files, or passwords.
Controlling Access
Information rights management: control who can read, write, copy, delete, or download information.
Training
Most important! Employees need to know what can or can't be read, written, copied, deleted, or downloaded.
Privacy
Deals with protecting customer information vs. internal company information
Same controls
Identification and classification
Encryption
Access control
Training
Privacy Concerns
SPAM
Unsolicited e-mail that contains either advertising or offensive content
CAN-SPAM (2003)
Criminal and civil penalties for spamming
Identity Theft
The unauthorized use of someone's personal information for the perpetrator's benefit.
Companies have access to and thus must control customers' personal information.
Encryption
Preventive control
Process of transforming normal content, called plaintext, into unreadable gibberish
Decryption reverses this process
Encryption Strength
Key length
Number of bits (characters) used to convert text into blocks
256 is common
Algorithm
Manner in which key and text are combined to create scrambled text
Types of Encryption
Symmetric
One key used to both encrypt and decrypt
Pro: fast
Con: vulnerable
Asymmetric
Different key used to encrypt than to decrypt
Pro: very secure
Con: very slow
Hybrid Solution
Use symmetric for encrypting information
Use asymmetric for encrypting symmetric key for decryption
Hashing
Converts information into a hashed code of fixed length.
The code cannot be converted back to the text.
If any change is made to the information, the hash code will change, thus enabling verification of information.
Digital Signature
Hash of a document
Using document creator's key
Provides proof:
That document has not been altered
Of the creator of the document
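The hybrid solution and the digital signature described above, as an added Node.js example that is not part of the original slides: AES-256-GCM encrypts the information, RSA-OAEP encrypts only the AES key, and the creator's private key signs the document's SHA-256 hash. The key pairs, function names and sample document are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key pairs: the recipient's pair protects the symmetric key,
// the creator's pair signs the document.
const recipient = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const creator = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hybrid encryption: the fast symmetric cipher encrypts the information,
// the slow asymmetric cipher encrypts only the 32-byte symmetric key.
function hybridEncrypt(plaintext, recipientPublicKey) {
  const key = nodeCrypto.randomBytes(32); // 256-bit AES key, new per message
  const iv = nodeCrypto.randomBytes(12);  // GCM nonce, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

function hybridDecrypt(msg, recipientPrivateKey) {
  const key = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag); // final() throws if the ciphertext was altered
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// Digital signature: SHA-256 hash of the document, signed with the creator's
// private key and checked with the creator's public key.
function signDocument(doc, creatorPrivateKey) {
  return nodeCrypto.sign('sha256', doc, creatorPrivateKey);
}

function verifyDocument(doc, signature, creatorPublicKey) {
  return nodeCrypto.verify('sha256', doc, creatorPublicKey, signature);
}

function demo() {
  const doc = Buffer.from('Q3 marketing plan (constructed sample document)');
  const sealed = hybridEncrypt(doc, recipient.publicKey);
  const signature = signDocument(doc, creator.privateKey);
  const altered = Buffer.from('Q4 marketing plan (constructed sample document)');
  return {
    roundTrip: hybridDecrypt(sealed, recipient.privateKey).equals(doc),
    genuine: verifyDocument(doc, signature, creator.publicKey),
    alteredAccepted: verifyDocument(altered, signature, creator.publicKey),
    wrongSignerAccepted: verifyDocument(doc, signature, recipient.publicKey),
  };
}

console.log(demo());
```

The signature check fails both when the document changes and when a different public key is used, which are the two proofs the slide lists.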
Digital Certificate
Electronic document that contains an entity's public key
Certifies the identity of the owner of that particular public key
Issued by Certificate Authority