Week 8 - Confidentiality and Privacy Controls Flashcards
(18 cards)
Define confidentiality and privacy controls
Measures or mechanisms designed to safeguard sensitive information from unauthorised access, disclosure or modification
List confidential and private information of an organisation
- Customer personal information
- Login details
- Strategic plans
- Financial data
What threats does a lack of confidentiality and privacy controls introduce
- Identity theft
- Financial fraud
- Social engineering and phishing
- Corporate espionage or insider threat
List strategies for preserving confidentiality and privacy
- Data encryption
- Hashing
- Staff training
- Access control
- Data masking
- Vendor security assessment
- Audit trails
- Digital signatures
Name the 2 types of encryption
- Symmetric
- Asymmetric
What is symmetric encryption
A cryptographic technique that uses the same key to encrypt and decrypt data
What is asymmetric encryption
A cryptographic technique that uses the notion of a key pair; different keys are used for the encryption and decryption process
What are examples of symmetric encryption
- Wi-Fi Security
- File encryption
What are examples of asymmetric encryption
- Email security
- Digital signatures
List the differentiators between symmetric and asymmetric encryption
- Symmetric - one key; asymmetric - two keys
- Complexity and speed of execution
- Length of keys
- Usage
- Security
- Different algorithms
What is hashing
This is the process of transforming plaintext of any length into a short code called a hash
It’s a fixed-length string of letters and numbers created using a special algorithm called a hash function
How does hashing preserve confidentiality and privacy
It’s a one-way process that prevents access to or tampering with the source data
How does staff training ensure the preservation of confidentiality and privacy
Ongoing training helps employees recognise phishing, use strong passwords and follow data handling procedures
What does access control entail
It ensures that only authorised individuals can access sensitive information
What is data masking
It protects sensitive data by hiding or obfuscating it during testing, training or external sharing
What does vendor security assessment entail
Evaluating third-party service providers to ensure they comply with security and privacy standards
What are audit trails
These are logs that record who accessed what data, when and what actions were taken
How do digital signatures preserve privacy and confidentiality
They can provide evidence of origin, identity and status of electronic documents, transactions or digital messages