Terms in this set (13)

Two major privacy-related concerns are spam and identity theft
Spam
Spam: Unsolicited e-mail that contains either advertising or offensive content
Spam is a privacy-related issue because recipients are often targeted as a result of unauthorized access to e-mail address lists and databases containing personal information...spam reduces efficiency benefits of e-mail and is a source of viruses, worms, spyware, and other malware...To deal with this problem, the U.S. Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act in 2003...provides criminal and civil penalties for violations of the law...applies to commercial e-mail, which includes much of the legitimate e-mail many organizations send to their customers, suppliers, and in the case of nonprofit organizations, their donors...
Thus, organizations need to be sure to follow CAN-SPAM's guidelines or risk sanctions. Key provisions include the following:
The sender's identity must be clearly displayed in the header of the message
The subject field in the header must clearly identify the message as an advertisement or solicitation
The body of the message must provide recipients with a working link that can be used to opt out of future e-mail. After receiving an opt-out request, organizations have 10 days to implement steps to ensure they do not send any additional unsolicited e-mail to that address. This means that organizations need to assign someone the responsibility for processing opt-out requests
The body of the message must include the sender's valid postal address. Although not required, best practice would be to also include full street address, telephone, and fax numbers
Organizations should not send commercial e-mail to randomly generated addresses, nor should they set up websites designed to "harvest" e-mail addresses of potential customers. Experts recommend that organizations redesign their own websites to include a visible means for visitors to opt in to receive e-mail, such as checking a box
Identity Theft
Identity Theft: Assuming someone's identity, usually for economic gain
Often, identity theft is a financial crime...growing proportion of identity theft cases involve fraudulently obtaining medical care and services...tax identity theft is another growing problem...Focus 9-1 discusses the steps that individuals should take to minimize the risk of becoming a victim of identity theft...organizations also play a role in preventing identity theft...organizations have an ethical and moral obligation to implement controls to protect the personal information that they collect and benefit from...from customers, employees, suppliers, and business partners
Cookie: A text file created by a Web site and stored on a visitor's hard drive. Cookies store information about who the user is and what the user has done on the site
GAPP identifies and defines the following 10 internationally recognized best practices for protecting the privacy of customers' personal information:
Management. Organizations need to establish a set of procedures and policies for protecting the privacy of personal information they collect from customers, as well as information about their customers obtained from third parties such as credit bureaus. They should assign responsibility and accountability for implementing those policies and procedures to a specific person or group of employees
Notice. An organization should provide notice about its privacy policies and practices at or before the time it collects personal information from customers, or as soon as practicable thereafter. The notice should clearly explain what information is being collected, the reasons for its collection, and how the information will be used
Choice and consent. Organizations should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information. The nature of the choices offered differs across countries. In the United States, the default policy is called opt-out, which allows organizations to collect personal information about customers unless the customer explicitly objects. In contrast, the default policy in Europe is opt-in...Even in the US, GAPP recommends organizations follow the opt-in approach and obtain explicit positive consent prior to collecting and storing sensitive personal information
Collection. An organization should collect only the information needed to fulfill the purposes stated in its privacy policies. One particular issue of concern is the use of cookies on websites. A cookie is a text file created by a website and stored on a visitor's hard disk. Cookies store information about what the user has done on the site...cookies are plain text files, so they cannot "do" anything besides store information. They do, however, contain personal information (and often a session identifier that is as sensitive as a password) that may increase the risk of identity theft and other privacy threats. Browsers can be configured to not accept cookies, and GAPP recommends that organizations employ procedures to accede to such requests and not surreptitiously use cookies
Use and retention. Organizations should use customers' personal information only in the manner described in their stated privacy policies and retain that information only as long as it is needed to fulfill a legitimate business purpose. This means that organizations need to create retention policies and assign someone responsibility for ensuring compliance with those policies
Access. An organization should provide individuals with the ability to access, review, correct, and delete the personal information stored about them
Disclosure to third parties. Organizations should disclose their customers' personal information to third parties only in the situations and manners described in the organization's privacy policies and only to third parties who provide the same level of privacy protection as does the organization that initially collected the information. This principle has implications for using cloud computing, because storing customers' personal information in the cloud may make it accessible to the cloud provider's employees; hence such information should be encrypted at all times
Security. An organization must take reasonable steps to protect its customers' personal information from loss or unauthorized disclosure. Indeed, it is not possible to protect privacy without adequate information security. Therefore, organizations must use the various preventive, detective, and corrective controls discussed in Chapter 8 to restrict access to their customers' personal information. However, achieving an acceptable level of information security is not sufficient to protect privacy...it is also necessary to train employees to avoid practices that can result in unintentional or inadvertent breach of privacy...One sometimes-overlooked issue concerns the disposal of computer equipment...it is important to follow the suggestions presented in the section on protecting confidentiality for properly erasing all information stored on computer media...Just as special procedures are used to black out (redact) personal information on paper documents, organizations should train employees to use procedures that remove such information from electronic documents in a manner that prevents the recipient of the document from recovering the redacted information (drawing a black box over text in a PDF or hiding a spreadsheet column does not remove the underlying data)
Quality. Organizations should maintain the integrity of their customers' personal information and employ procedures to ensure that it is reasonably accurate. Providing customers with a way to review the personal information stored by the organization (GAPP principle 6) can be a cost-effective way to achieve this objective
Monitoring and enforcement. An organization should assign one or more employees to be responsible for ensuring compliance with its stated privacy policies. Organizations must also periodically verify that their employees are complying with stated privacy policies. In addition, organizations should establish procedures for responding to customer complaints, including the use of a third-party dispute resolution process
Generally Accepted Privacy Principles
-Management
-Procedures and policies with assigned responsibility and accountability
-Notice
-Provide notice of privacy policies and practices prior to collecting data
-Choice and Consent
-Opt-in versus opt-out approaches
-Collection
-Only collect needed information
-Use and retention
-Use information only for stated business purpose
-Access
-Customer should be able to review, correct, or delete information collected on them
-Disclosure to Third Parties
-Security
-Protect from loss or unauthorized disclosure
-Quality
-Monitoring and Enforcement
-Procedures in responding to complaints
-Compliance
Encryption
Encryption is a preventive control that can be used to protect both confidentiality and privacy. Encryption protects data while it is in transit over the Internet and also provides one last barrier that must be overcome by an intruder who has obtained unauthorized access to stored information...encryption also strengthens authentication procedures and plays an essential role in ensuring and verifying the validity of e-business transactions. Therefore, it is important for accountants, auditors, and systems professionals to understand encryption
As shown in Figure 9-2, encryption is the process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext. Decryption reverses this process, transforming ciphertext back into plaintext
Encryption: The process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext
Plaintext: Normal text that has not been encrypted
Ciphertext: Plaintext that was transformed into unreadable gibberish using encryption
Decryption: Transforming ciphertext back into plaintext
Figure 9-2 shows that both encryption and decryption involve use of a key and an algorithm. Computers represent both plaintext and ciphertext as a series of binary digits (0s and 1s). Encryption and decryption keys are also strings of binary digits; for example, a 256-bit key consists of a string of 256 0s and 1s. The algorithm is a formula for using the key to transform the plaintext into ciphertext (encryption) or the ciphertext back into plaintext (decryption). Most documents are far longer than the key, so a block cipher divides the plaintext into fixed-size blocks and applies the algorithm, with the key, to each block. The block size is a property of the algorithm, not of the key: AES always works on 128-bit (16-byte) blocks whether the key is 128, 192, or 256 bits long. For example, a 1,024-bit document is processed as eight 128-bit blocks, and each block is combined with the key in the manner specified by the algorithm and its mode of operation. The result is a ciphertext version of the document or file, essentially equal in size to the original (plus any padding and, for authenticated modes, a short authentication tag). To reproduce the original document, the computer divides the ciphertext into the same blocks and applies the decryption key to each block
Encryption Steps
-Takes plaintext and, with an encryption key and algorithm, converts it to unreadable ciphertext (sender of message)
-To read the ciphertext, the receiver applies the decryption key (the same key in a symmetric system) to reverse the process and make the information readable (receiver of message)
(Chart)
Factors That Influence Encryption Strength
Three important factors determine the strength of any encryption system: (1) key length, (2) encryption algorithm, and (3) policies for managing the cryptographic keys
Key Length
Longer keys provide stronger encryption because every added bit doubles the number of possible keys an attacker must try by brute force; a 128-bit key already has 2^128 possibilities, far beyond any feasible search. The pattern argument often made for long keys is really about the size of the blocks a cipher works on and about how blocks are chained (the mode of operation): if each block of plaintext is encrypted independently, identical plaintext blocks produce identical ciphertext blocks, and an attacker can spot patterns in the ciphertext that reflect patterns in the original plaintext. With small blocks this is devastating. In English, 8 bits represent each letter, so a cipher working on 24-bit blocks encrypts English plaintext in chunks of three letters; information about relative word frequencies lets an attacker guess that the most commonly recurring 24-bit pattern in the ciphertext probably represents the English word "the" and proceed to "break" the encryption. Modern ciphers such as AES work on 128-bit blocks (16 letters) and are used in modes (CTR, GCM) that never produce repeating ciphertext blocks even for repeating plaintext. Key sizes differ by algorithm family and are not comparable bit for bit: symmetric keys are typically 128 or 256 bits (a 256-bit key corresponds to 32 English letters), whereas RSA keys must be 2,048 bits or longer to resist factoring
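Added example (not part of the textbook or this card set) illustrating the two points made above about how encryption works and about key length: the block size is fixed by the algorithm rather than by the key, and whether repeated plaintext shows up as repeated ciphertext depends on the mode of operation, not on key length. It uses only Go's standard library; the record being encrypted is a constructed sample and the key is random. ECB mode appears here only to make the leak visible and should never be used for real data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbEncrypt applies the raw AES block function to each 16-byte block independently
// (ECB mode). Identical plaintext blocks give identical ciphertext blocks, which is
// exactly the pattern leak the text describes. Shown for illustration only.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", aes.BlockSize)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// ctrEncrypt uses the same AES block function in counter (CTR) mode with a fresh
// random IV, which is prepended to the ciphertext. Because a different counter value
// is mixed into every block, equal plaintext blocks no longer produce equal output.
func ctrEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	iv := out[:aes.BlockSize]
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, iv).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks that are exact repeats of an earlier
// block: the "pattern in the ciphertext" an attacker looks for.
func repeatedBlocks(ciphertext []byte) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i+aes.BlockSize <= len(ciphertext); i += aes.BlockSize {
		b := string(ciphertext[i : i+aes.BlockSize])
		if seen[b] {
			repeats++
		}
		seen[b] = true
	}
	return repeats
}

// Constructed sample: a record that repeats one 16-byte field eight times, the kind
// of structure (form fields, headers, padding) real business documents are full of.
var sampleRecord = bytes.Repeat([]byte("ACCOUNT=00001234"), 8)

func main() {
	key := make([]byte, 32) // a 256-bit key; the block size stays 16 bytes regardless
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ecb, _ := ecbEncrypt(key, sampleRecord)
	ctr, _ := ctrEncrypt(key, sampleRecord)
	fmt.Printf("AES block size: %d bytes, key size: %d bits\n", aes.BlockSize, len(key)*8)
	fmt.Printf("ECB: %d repeated ciphertext blocks out of %d\n", repeatedBlocks(ecb), len(ecb)/aes.BlockSize)
	fmt.Printf("CTR: %d repeated ciphertext blocks out of %d\n", repeatedBlocks(ctr[aes.BlockSize:]), len(sampleRecord)/aes.BlockSize)
}
```

With the same 256-bit key, ECB exposes seven repeated blocks (every copy of the account field after the first) while CTR exposes none; the key length played no part in the difference.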
Encryption Algorithm
The nature of the algorithm used to combine the key and the plaintext is important...a strong algorithm is difficult, if not impossible, to break by using brute-force guessing techniques. Secrecy is not necessary for strength (Kerckhoffs's principle: the security must rest in the key, not in the algorithm)...Indeed, the procedures used by the most accepted and widely used encryption algorithms, such as AES, are publicly available...their strength is due to the fact that they have been rigorously tested by the cryptographic community and demonstrated to resist both brute-force guessing and analytic attacks...organizations should not attempt to create their own "secret" encryption algorithm, but instead should purchase products that use widely accepted standard algorithms whose strength has withstood public analysis
Policies For Managing Cryptographic Keys
The management of cryptographic keys is often the most vulnerable aspect of encryption systems. If a key is stolen, the encryption can be easily broken despite long keys and a strong algorithm. Cryptographic keys must be stored securely and protected with strong access controls. Best practices include (1) not storing cryptographic keys in a browser, in source code, or in any other file that other users of that system can readily access (for servers, a hardware security module or a managed key-management service is the usual answer) and (2) using a strong (and long) passphrase to protect keys that are stored in files...organizations also need sound policies and procedures for issuing and revoking keys...keys should be issued only to employees who handle sensitive data and need the ability to encrypt it...keys should be promptly revoked when an employee leaves or there is reason to believe the key has been compromised, and everyone who has relied upon those keys must be notified that they are no longer valid
Encryption
-Preventative control
-Factors that influence encryption strength:
-Key length (longer = stronger)
-Algorithm
-Management policies
-Stored securely
Types of Encryption
-Symmetric:
-Uses one key to encrypt and decrypt
-Both parties need to know the key
-Need to securely communicate the shared key
-Cannot share one key with multiple parties; each party gets its own (different) key from the organization
-Asymmetric:
-Public—everyone has access
-Private—used to decrypt (only known by you)
-Public key can be used by all your trading partners
-Can create digital signatures
Types of Encryption Systems
Table 9-1 compares the two basic types of encryption systems. Symmetric systems use the same key both to encrypt and decrypt. DES (now obsolete) and AES are examples...Asymmetric encryption systems use two keys...a public key that is widely distributed and available to everyone and a private key that is kept secret and known only to the owner of that pair of keys...either the public or the private key can be used to encrypt, but only the other key of the pair can decrypt the ciphertext. RSA is an example; PGP is not an algorithm but software that combines asymmetric (RSA or ElGamal) and symmetric encryption in the hybrid fashion described below
Symmetric Encryption Systems: Encryption systems that use the same key both to encrypt and to decrypt
Asymmetric Encryption Systems: Encryption systems that use two keys (one public, the other private); either key can encrypt, but only the other matching key can decrypt
Public Key: One of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone
Private Key: One of the keys used in asymmetric encryption systems. It is kept secret and known only to the owner of that pair of public and private keys
Key Escrow: The process of storing a copy of an encryption key in a secure location
For both types of encryption systems...loss or theft of encryption keys are major threats...should the keys be lost, encrypted information cannot be recovered...one solution is to use encryption software that creates a built-in master key that can be used to decrypt anything encrypted by that software...alternative process called key escrow, which involves making copies of all encryption keys used by employees and storing those copies securely...symmetric system, if shared secret key stolen, attacker can access any information encrypted with it...in asymmetric systems, if private key is compromised, attacker can decrypt all information and also use your private key to impersonate you and even create legally binding digital signatures in your name
Symmetric encryption is much faster than asymmetric encryption, but it has two major problems: both parties (sender and receiver) need to know the shared secret key...this means that the two parties need some method for securely exchanging the key that will be used to both encrypt and decrypt...e-mail is not a solution because it can be intercepted, so some other method of exchange is needed...telephone, postal mail, or private delivery are possible but quickly become cost-prohibitive...the second problem is that a separate secret key needs to be created for use with each party with whom encryption is desired...if company A wants to encrypt information it shares with B and C, but prevent B and C from having access to each other's information, it needs to create two encryption keys, one each for B and C...otherwise each company would be able to decrypt the information meant for the other...secure management of keys quickly becomes more complex as the number of participants in a symmetric encryption system increases
Asymmetric encryption systems solve both of these problems...it does not matter who knows the public key, because any text encrypted with the public key can only be decrypted by using the corresponding private key...therefore the public key can be distributed by e-mail or even posted on a website so that anyone who wants to can send encrypted information to the owner of the public key...also, any number of parties can use the same public key to send encrypted messages because only the owner of the corresponding private key can decrypt them...both companies B and C can use A's public key to communicate securely with A, and B need not fear that C could read the communication, because the information can only be decrypted by using A's private key, which C does not have...Asymmetric encryption systems also greatly simplify the process of managing cryptographic keys...A does not need to create and manage separate keys for each company from which it wants to receive information securely over the Internet; instead, it needs to create just one pair of public and private keys...A also does not need to store the public keys of other companies to which it wishes to send information securely, because it can always obtain the other company's public key from that company's website or via e-mail (how A knows that key really belongs to the other company is the subject of digital certificates, below)...the main drawback of asymmetric encryption is speed: it is thousands of times slower than symmetric encryption, making it impractical for exchanging large amounts of data over the Internet...e-business therefore uses both types: symmetric encryption to encode most of the data being exchanged, and asymmetric encryption to safely send the symmetric key to the recipient for use in decrypting the ciphertext...the shared secret key is secure even though it is sent via e-mail because if the sender uses the recipient's public key to encrypt it, only the intended recipient, who is the only person possessing the corresponding private key, can decrypt that shared secret symmetric key...asymmetric encryption is also used in combination with a process called hashing to create legally binding digital signatures
Digital Signatures
Nonrepudiation: Creating legally binding agreements that cannot be unilaterally repudiated by either party
An important issue for business transactions has always been nonrepudiation, or how to create legally binding agreements that cannot be unilaterally repudiated by either party...traditionally this meant physically signing contracts and other documents...today, many transactions occur digitally over the Internet...the same level of assurance about enforceability is obtained by using both hashing and asymmetric encryption to create a legally binding digital signature
Digital Signature: A hash encrypted with the hash creator's private key
As Figure 9-3 shows, creating a digital signature is a two-step process. The document creator generates a hash of the document (or file) and encrypts the hash using his or her private key...the resulting encrypted hash is a digital signature that provides assurance (1) that a copy of a document or file has not been altered, and (2) who created the original version of the digital document or file...thus digital signatures provide assurance that someone cannot enter into a digital transaction and then subsequently deny having done so
How does it provide assurance? Hashing ensures the document has not been altered: any change to the document changes its hash, so the hash the recipient recomputes will not match the one recovered from the signature...asymmetric encryption means something encrypted with a private key can only be decrypted with the corresponding public key...if something can be decrypted with an entity's public key, it must have been encrypted with that entity's corresponding private key, which proves that the signature had to have been created by the owner of that pair of public and private keys. (Practical signature schemes such as RSA-PSS and ECDSA are distinct signing operations rather than literal encryption of the hash, but the logic is the same: only the holder of the private key can produce a value that the public key validates)
Figure 9-4 shows how both of these facts work together to provide nonrepudiation
(and example on page 273)
Successfully using a public key to decrypt a document or file proves that the party possessing the corresponding private key created it...but how can the recipient be sure of the other party's identity...answer involves the use of digital certificates and a public key infrastructure
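Added example, not from the textbook: the two steps of Figure 9-3 and the verification described above, in Go. The document is hashed with SHA-256 and the hash is signed with the creator's RSA private key using RSA-PSS (a signing operation rather than literal encryption of the hash, as noted above); anyone holding the public key can check it. The contract text and both key pairs are constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign performs the two steps of creating a digital signature: hash the document
// with SHA-256, then sign the hash with the creator's private key (RSA-PSS padding).
func Sign(signer *rsa.PrivateKey, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the hash of the received document and checks the signature with
// the claimed signer's public key. It returns true only if the document is unaltered
// AND the signature was produced with the matching private key.
func Verify(signer *rsa.PublicKey, document, signature []byte) bool {
	digest := sha256.Sum256(document)
	return rsa.VerifyPSS(signer, crypto.SHA256, digest[:], signature, nil) == nil
}

func main() {
	aKey, _ := rsa.GenerateKey(rand.Reader, 2048) // A's key pair
	bKey, _ := rsa.GenerateKey(rand.Reader, 2048) // B's key pair, unrelated to A's

	contract := []byte("A agrees to pay B 10,000 on delivery.") // constructed sample
	sig, err := Sign(aKey, contract)
	if err != nil {
		panic(err)
	}

	fmt.Println("original contract, A's public key:", Verify(&aKey.PublicKey, contract, sig))
	altered := []byte("A agrees to pay B 90,000 on delivery.")
	fmt.Println("altered contract, A's public key: ", Verify(&aKey.PublicKey, altered, sig))
	fmt.Println("original contract, B's public key:", Verify(&bKey.PublicKey, contract, sig))
}
```

Only the first check succeeds: changing a single digit of the contract or presenting the wrong public key makes verification fail, which is what gives A's signature its nonrepudiation value (and why A's private key must never leave A's control).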
Digital Certificates and Public Key Infrastructure
Usually, you obtain another party's public key by going to their website, where your browser automatically extracts the public key from the site's digital certificate...you can examine the certificate manually by clicking the lock icon in the address bar
Digital Certificate: An electronic document that certifies the identity of the owner of a particular public key and contains that party's public key
Digital certificates function like the digital equivalent of a driver's license or passport...both issued by a trusted independent party...(gov for passport)
Certificate Authority: An organization that verifies the identity of an applicant and records the applicant's public key, together with that identity, in a digital certificate signed by the CA. The applicant generates the public/private key pair itself and submits only the public key (in a certificate signing request); a well-run CA never holds the subscriber's private key
Certificate authorities...such as Thawte and VeriSign (historical examples; both brands now belong to DigiCert), typically issue digital certificates intended for e-business use...they charge a fee to issue the certificate and collect evidence to verify the claimed identity of the person or organization that controls the corresponding key pair
Public Key Infrastructure (PKI): The system of certificate authorities, digital certificates, and procedures for generating key pairs, certifying public keys in digital certificates, and renewing and revoking those certificates
The entire PKI system hinges on trusting certificate authorities...one important factor concerns the procedures the certificate authority uses to verify the identity of an applicant for a digital certificate...cheaper domain-validated certificates verify only that the applicant controls the domain name (for example, through an e-mail or DNS challenge); more expensive organization- and extended-validation certificates require evidence of legal identity such as business registration records...certificates are only valid for a specified period of time...the procedures used to renew certificates and to revoke compromised certificates before they expire (published through certificate revocation lists or OCSP) are also important
Browsers are designed to automatically check the validity of a website's digital certificate...the issuing certificate authority signs the digital certificates it issues, and browsers (or the operating system they run on) come preloaded with the certificates, and thus the public keys, of widely recognized certificate authorities...
The browser uses that stored public key to verify the certificate authority's digital signature: conceptually, decrypting the signature yields a hash of the digital certificate, the browser then computes its own hash of the certificate, and if the two match the certificate is genuine; if not, the browser displays a warning and asks whether you want to proceed...browsers also check that the certificate's validity period includes the current date, that it was issued for the host name being visited, and (via revocation lists or OCSP) that it has not been revoked...browsers therefore play a critical role in PKI...if a criminal can get a rogue certificate authority's certificate installed in your browser's or operating system's trust store, the browser will accept any certificate that rogue CA signs, including one that impersonates your bank...the best way to prevent this is to keep your browser and operating system fully patched and up-to-date and to refuse to install root certificates from sources you do not trust
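Added example, not from the textbook: a miniature PKI in Go's standard library showing what the browser checks described above actually do. A self-signed "Trusted Root CA" (standing in for the roots preloaded in a browser) issues a certificate for www.example.com; a second, untrusted "Rogue CA" issues a look-alike. All names, keys and validity windows are constructed sample data. ECDSA P-256 keys are used for speed; the checks are the same for RSA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certTemplate fills the fields common to every certificate: a random serial number,
// the subject name and the validity window.
func certTemplate(cn string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	return &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
	}, nil
}

// newRootCA creates a self-signed CA certificate: the CA signs its own public key.
// Browsers ship with certificates like this preloaded in their trust store.
func newRootCA(name string, key *ecdsa.PrivateKey, now time.Time) (*x509.Certificate, error) {
	tmpl, err := certTemplate(name, now.Add(-time.Hour), now.Add(10*365*24*time.Hour))
	if err != nil {
		return nil, err
	}
	tmpl.IsCA = true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// issueServerCert has the CA certify a website's public key for host. The website
// generated siteKey itself and hands over only the public half; caKey signs.
func issueServerCert(host string, siteKey *ecdsa.PrivateKey, ca *x509.Certificate,
	caKey *ecdsa.PrivateKey, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	tmpl, err := certTemplate(host, notBefore, notAfter)
	if err != nil {
		return nil, err
	}
	tmpl.DNSNames = []string{host}
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &siteKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// browserCheck does what a browser does with a site's certificate: verify the CA's
// signature against the roots in its trust store, check the validity period at `now`,
// and check that the certificate was issued for the host being visited.
// A nil result means the certificate is accepted.
func browserCheck(leaf *x509.Certificate, trustedRoots []*x509.Certificate, host string, now time.Time) error {
	pool := x509.NewCertPool()
	for _, r := range trustedRoots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host, CurrentTime: now})
	return err
}

func main() {
	now := time.Now()
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	siteKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root, _ := newRootCA("Trusted Root CA", rootKey, now) // in the browser's trust store
	rogue, _ := newRootCA("Rogue CA", rogueKey, now)      // a criminal's CA, not trusted

	year := now.Add(365 * 24 * time.Hour)
	good, _ := issueServerCert("www.example.com", siteKey, root, rootKey, now.Add(-time.Hour), year)
	fake, _ := issueServerCert("www.example.com", siteKey, rogue, rogueKey, now.Add(-time.Hour), year)
	expired, _ := issueServerCert("www.example.com", siteKey, root, rootKey, now.Add(-48*time.Hour), now.Add(-24*time.Hour))

	trust := []*x509.Certificate{root}
	fmt.Println("trusted CA, in date, right host:", browserCheck(good, trust, "www.example.com", now))
	fmt.Println("signed by untrusted CA:         ", browserCheck(fake, trust, "www.example.com", now))
	fmt.Println("expired:                        ", browserCheck(expired, trust, "www.example.com", now))
	fmt.Println("wrong host name:                ", browserCheck(good, trust, "login.example.com", now))
	// The attack the text warns about: the rogue CA gets into the trust store.
	fmt.Println("rogue CA added to trust store:  ", browserCheck(fake, []*x509.Certificate{root, rogue}, "www.example.com", now))
}
```

Only the first check returns nil. The last line is the important one: once the rogue CA's certificate is in the trust store, the forged certificate passes every check the browser performs, which is why protecting the trust store matters as much as the CA's own verification procedures.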
Virtual Private Networks (VPNS)
To protect confidentiality and privacy, information must be encrypted not only within the system, but also while in transit over the Internet
As Figure 9-5 shows, encrypting information while it traverses the Internet creates a VPN
Virtual Private Network (VPN): Using encryption and authentication to securely transfer information over the Internet, thereby creating a "virtual" private network...
Provides the functionality of a privately owned secure network without the associated cost...using VPN software to encrypt information as it travels over the Internet (in transit) creates private communication channels, or tunnels, accessible only to parties with the appropriate keys...VPNs also include controls to authenticate the parties exchanging information and to create an audit trail of the exchange...thus VPNs ensure that sensitive information is exchanged securely and in a manner that can provide proof of its authenticity
Two types of VPNs...one uses a browser, encrypting traffic with TLS (formerly SSL)...the other uses IPsec...both types provide a secure means of exchanging sensitive information over the Internet but create problems for other components of information security...as Chapter 8 explains, firewalls function by inspecting the contents of packets, but they cannot examine encrypted packets...there are three approaches to this problem. One is to configure the firewall to send encrypted packets to a computer in the DMZ that decrypts them; that computer sends the decrypted packets back through the firewall for filtering before they are allowed into the internal network...this allows the firewall to screen all packets but means the information is unencrypted in the DMZ and within the internal network...the second approach is to configure the main firewall to allow encrypted packets into the internal network and decrypt them only at their final destination...this protects the confidentiality of sensitive information until it reaches the appropriate destination but creates potential holes in access controls because not all incoming packets are filtered by the firewall...the third is to have the firewall itself function as the VPN termination point, decrypting all incoming traffic and inspecting its content...this is costly and creates a single point of failure (if the firewall goes down, so does the VPN), and it again means sensitive information is not encrypted in the internal network...thus organizations must choose which is more important, confidentiality (privacy) or security...this trade-off is not limited to firewalls...the necessity of making trade-offs among components of systems reliability is another reason information security and controls are a managerial concern and not just an IT issue