Lesson 8.2: Ethics Flashcards
Information privacy
Information privacy refers to the right to control how your personal information is collected, used, and exchanged. The discussion over privacy has intensified with massive data breaches, businesses selling personal data to other organizations, and targeted advertising abuse. While closely related, privacy and security are not the same. Security focuses on protecting data from unauthorized use and the exploitation of stolen data for profit. Privacy focuses on the use and governance of personal data, ensuring that it is collected, shared, and used appropriately.
Confidentiality
Confidentiality is a set of rules that limits access to data/information. Data is commonly categorized according to the amount and type of damage that could be done by unauthorized access. Implementing access controls is largely responsible for enforcing confidentiality.
Often, authorized users are given security training, supported by the computing professionals in the organization. Training typically includes how clients can identify and reduce security risks by doing the following:
Create strong password policies. Passwords should be at least eight characters combined with numbers and special characters. Passwords also need to be changed at least every three months, depending on the sensitivity of data on a given system.
Recognize social engineering attacks. Social engineering is a general term that describes any attack that takes advantage of humans’ trusting nature. Phishing is one example of a method of capturing the victim’s valuable information (e.g., username and password, personally identifiable information) by sending emails that mimic real emails from businesses. These emails seemingly request that you reset the password for your account when in reality the attackers capture the victim’s input for their own use.
Integrity
Integrity is maintained when the data/information is both trustworthy and accurate. Data must not be changed in transit or be altered by unauthorized users. Methods for maintaining integrity include file permissions, user access controls, version control, and redundant systems or copies.
Availability
Availability refers to the ability to provide reliable access to the data/information for authorized individuals. Availability is best ensured by rigorously maintaining all hardware, testing compatibility with operating systems and installed applications, and keeping systems patched and up-to-date.
