AIS CH 9
Information systems controls for system reliability - part 2: Confidentiality and privacy
Terms in this set (72)
Preserving confidentiality of intellectual property, and similar information shared by its business partners, has long been recognized as a basic objective of information security.
Actions to preserve confidentiality
1. identification and classification of the information to be protected
2. encryption of sensitive information
3. controlling access to sensitive information
Identification and classification of information to be protected
1. identify where such information resides and who has access to it
2. after identifying the info that are needed to be protected, classify the information in terms of its value to the organization.
3. once the value is classified, the appropriate set of controls can be deployed to protect it
Protecting confidentiality and encryption
Encryption is the only way to protect information in transit over the internet. Encryption of clients' data that is stored on the portal provides an additional layer of protection in the event of unauthorized access to the portal. Encrypting information stored in a public cloud protects it from unauthorized access by employees of the cloud service provider or by anyone else who is using the same cloud. However, physical access control is needed too.
Controlling Access to sensitive information
Information rights management, physical access controls, controlling disposal of information resources, control over outbound communication. Access controls designed to protect confidentiality must be continuously reviewed and modified to respond to new threats created by technological advancement.
Information rights management
software provides an additional layer of protection to specific information resources, offering the capability not only to limit access to specific files or documents, but also to specify the actions that individuals who are granted access to that resource can perform
physical access control
preventing someone with unsupervised access from quickly downloading and copying gigabytes of confidential information onto a USB drive, an iPod, a cell phone, or other portable device. (screen protector, restrict access to a room, password needed after a few minutes)
controlling disposal of information resources
Documents with confidential information need to be shredded; special procedures are needed to destroy information stored on magnetic and optical media. Proper disposal of computer media requires use of special software designed to wipe the media clean by repeatedly overwriting the disk or drive with random patterns of data.
control over outbound communication
data loss prevention software
data loss prevention (DLP)
works like antivirus programs in reverse, blocking outgoing messages that contain key words or phrases associated with the intellectual property or other sensitive data the organization wants to protect. It is a preventive control. Can and should be supplemented by embedding code called a digital watermark in documents.
is a detective control that enables an organization to identify confidential information that has been disclosed
VoIP conversations about sensitive topics should be encrypted
arguably the most important control for protecting confidentiality. Employees need to know what information they can share with outsiders and what information needs to be protected. They need to be taught how to protect confidential data (logging out, encryption software, code report, not leaving "info" on desk) and the proper use of emails, IMs, and blogs
focuses on protecting personal information about customers
1. identification of the information that needs to be protected, encryption, access control, and training.
1. to protect the privacy of personal information collected from customers is to identify what information is collected, where it is stored, and who has access to it.
2. implement controls to protect that information (encryption is a fundamental control)
3. must have access control and training (strong authentication and authorization)
4. Data masking programs
5. train employees how to manage and protect personal information collected from customers
Data masking programs
replace customer personal information with fake values before sending the data to the program development and testing system
Spams and Identity theft
unsolicited email that contains either advertising or offensive content. Privacy related issue because recipients are often targeted as a result of unauthorized access to email address lists and databases containing personal information
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
provides both criminal and civil penalties for violation of laws, applies to commercial emails
Follow the CAN-SPAM Guideline
1. sender's identity must be clearly displayed in the header of the message
2. the subject field in the header must clearly identify the message as an advertisement or solicitation
3. the body of the message must provide recipients with a working link that can be used to opt out of future email. After receiving an opt-out request, organizations have 10 days to implement steps to ensure they do not send any additional unsolicited email to that address. This means that organizations need to assign someone responsibility for processing opt-out requests
4. the body of the message must include the sender's valid postal address. although not required, best practice would be to also include full street address, telephone, and fax number
5. organizations should not send commercial email to randomly generated addresses, nor should they set up web sites designed to "harvest" e-mail addresses from potential customers. Experts recommend that organizations redesign their own web sites to include a visible means for visitors to opt in to receive email, such as checking a box
unauthorized use of someone's personal information for the perpetrator's benefits
Privacy Regulations and generally accepted privacy principles
Laws such as HIPAA, HITECH, and the Financial Services Modernization Act impose specific requirements on organizations to protect the privacy of their customers' personal information. GAPP was created to help organizations cost-effectively comply with these requirements
identifies the following 10 internationally recognized best practices for protecting the privacy of customer's personal information: management, notice, choice and consent, collection, use and retention, access, disclosure to third parties, security, quality, and monitoring and enforcement
Establish a set of procedures and policies for protecting the privacy of personal information they collect from customers, as well as information about their customers obtained from third parties such as credit bureaus. Assign responsibility and accountability for implementing those policies and procedures to a specific person or group of employees
an organization should provide notice about its privacy policies and practices at or before the time it collects personal information from customers, or as soon as practicable thereafter. The notice should clearly explain what information is being collected, the reasons for its collection, and how the information will be used.
choice and consent
should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information
should collect only the information needed to fulfill the purposes stated in its privacy policies. A concern is cookies on websites
is a text file created by a web site and stored on a visitor's hard disk. Cookies are text files, which means that they cannot "do" anything besides store information.
use and retention
use customers' personal information only in the manner described in their stated privacy policies and retain that information only as long as it is needed to fulfill a legitimate business purpose. This means that organizations need to create retention policies and assign someone responsibility for ensuring compliance with those policies
provide individuals with the ability to access, review, correct, and delete the personal information stored about them
disclosure to third party
disclose their customers' personal information to third parties only in the situations and manner described in the organization's privacy policies and only to third parties who provide the same level of privacy protection as does the organization that initially collected the information.
preventive, detective, corrective controls. Train employees to avoid practices that can result in the unintentional or inadvertent breach of privacy
maintain the integrity of their customers' personal information and employ procedures to ensure that it is reasonably accurate. providing customers with a way to review the personal information stored by the organization can be a cost effective way.
monitoring and enforcement
assign one or more employees to be responsible for ensuring compliance with its stated privacy policies. Must periodically verify that employees are complying with stated privacy policies. Should establish procedures for responding to customer complaints, including the use of a third-party dispute resolution process.
preventive control that can be used to protect both confidentiality and privacy
Is the process of transforming normal content, called PLAINTEXT, into unreadable gibberish called CIPHERTEXT. Decryption reverses it. Both decryption and encryption involve the use of a key and an algorithm. The encryption process begins by dividing the plaintext into blocks, each block being equal in length to the key. The algorithm is applied to the key and the block of plaintext.
normal content in encryption
gibberish text in encryption
Reverse the process of encryption. Ciphertext->plaintext
is a formula for combining the key and the text
a string of binary digits of a fixed length. (E.G. a 128-bit key consists of a string of 128 0s and 1s)
Factors that influence encryption strength
key length, encryption algorithm, and policies for managing the cryptographic keys.
longer keys provide stronger encryption by reducing the number of repeating blocks in the ciphertext. It makes it harder to spot patterns in the ciphertext that reflect patterns in the original plaintext
a strong algorithm is difficult, if not impossible, to break by using brute-force guessing techniques.
Policies for managing cryptographic keys
Cryptographic keys must be stored securely and protected with strong access controls. Know how to decrypt the information via a built-in master key. Key escrow involves making copies of the encryption keys used by employees and storing those copies securely. Procedures for issuing and revoking keys: issue keys only to verified users; promptly revoke keys when an employee leaves
Types of encryption system
Symmetric encryption system and asymmetric encryption system
Symmetric encryption system
use the same key both to encrypt and to decrypt; faster than asymmetric
asymmetric encryption system
use two keys: a public key and a private key; either key can be used to encrypt, but only the other key can decrypt the ciphertext
is widely distributed and available to everyone
is kept secret and known only to the owner of the pair of keys.
two problems with symmetric
1. both parties need to know and share secret keys
2. a separate secret key needs to be created for use by each party with whom the use of encryption is desired
(asymmetric solves these problems)
one drawback of asymmetric
speed; much slower than symmetric, making it impractical for use to exchange large amounts of data over the internet
process that takes plaintext of any length and transforms it into a short code called a hash. throws away information
hashing differs from encryption
1. encryption always produces ciphertext similar in length to the original plaintext, but hashing always produces a hash of a fixed short length, regardless of the length of the plaintext.
2. encryption is reversible, but hashing is not
is a hash of a document that is encrypted using the document creator's private key. Provides proof about two important issues: 1. a copy of a document or file has not been altered and 2. who created the original version of a digital document or file. Provides assurance that someone cannot enter into a digital transaction and then subsequently deny they have done so and refuse to fulfill their side of the contract.
important issue for business transactions: how to create legally binding agreements that cannot be unilaterally repudiated by either party.
How does digital signature provide assurance?
if two hashes are identical, it means that the two documents or files are identical
electronic document that contains an entity's public key and certifies the identity of the owner of that particular public key. Provides a mechanism for securely obtaining and verifying the validity of another party's public key.
digital certificates that are issued by an organization and contain the certificate authority's digital signature to prove they are genuine
Public key infrastructure
system for issuing pairs of public and private keys and corresponding digital certificates
hinges on trusting the certificate authorities that issue the keys and certificates.
VPNs (virtual private network)
provides the functionality of a privately owned secure network without the associated costs of leased telephone lines, satellites, and other communication equipment
encrypts information while it is in transit over the internet
creates private communication channels called tunnels which are accessible only to parties possessing the appropriate encryption/decryption tools
which of the following statements are true?
cookies are text files that only store information
a digital signature
created by hashing a document and then encrypting the hash with the signer's private key
Able wants to send a file to Baker over the internet and protect the file so that only Baker can read it and can verify that it came from Able. What should Able do?
encrypt the file using Able's private key and then encrypt it again using Baker's public key
which of the following statement is true?
encryption is reversible, hashing is not
confidentiality focuses on protecting
merger and acquisition plan
which of the following statements about obtaining consent to collect and use a customer's personal information is true?
the default policy in europe is opt in, but in the US the default is opt-out
one of the ten GAPP concerns security. According to GAPP, what is the nature of the relationship between security and privacy?
security is a necessary, but not sufficient, precondition to protect privacy.
which of the following statements is true?
symmetric encryption is faster than asymmetric encryption but cannot be used to provide non-repudiation of contracts.
Which of the following statements is true?
a. VPNs protect the confidentiality of information while it is in transit over the internet
b. encryption limits a firewall's ability to filter traffic
c. a digital certificate contains the entity's public key
d. all of the above are true
d. all of the above are true
which of the following can organizations use to protect the privacy of a customer's personal information when giving programmers a realistic data set with which to test a new application?