Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing."— Presentation transcript:

1 Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-1

2 Learning Objectives  Identify and explain controls designed to protect the confidentiality of sensitive corporate information.  Identify and explain controls designed to protect the privacy of customers’ personal information.  Explain how the two basic types of encryption systems work. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-2

3 Trust Services Framework  Security (Chapter 8)  Access to the system and its data is controlled and restricted to legitimate users.  Confidentiality (Chapter 8)  Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.  Privacy  Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.  Processing Integrity (Chapter 10)  Data are processed accurately, completely, in a timely manner, and only with proper authorization.  Availability (Chapter 10)  System and its information are available to meet operational and contractual obligations. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-3

4 Intellectual Property (IP)  Strategic plans  Trade secrets  Cost information  Legal documents  Process improvements  All need to be secured Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-4

5 Steps in Securing IP Identification and Classification Encryption Controlling Access Trainingj Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-5 Where is the information, who has access to it? Classify value of information The process of obscuring information to make it unreadable without special knowledge, key files, or passwords. Information rights management: control who can read, write, copy, delete, or download information. Most important! Employees need to know what can or can’t be read, written, copied, deleted, or downloaded

6 Privacy  Deals with protecting customer information vs. internal company information  Same controls  Identification and classification  Encryption  Access control  Training Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-6

7 Privacy Concerns  SPAM  Unsolicited e-mail that contains either advertising or offensive content  CAN-SPAM (2003)  Criminal and civil penalties for spamming  Identity Theft  The unauthorized use of someone’s personal information for the perpetrator’s benefit.  Companies have access to and thus must control customer’s personal information. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-7

8 Privacy Regulatory Acts  Health Insurance Portability and Accountability Act (HIPAA)  Health Information Technology for Economic and Clinical Health Act (HITECH)  Financial Services Modernization Act Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-8

9 Generally Accepted Privacy Principles 1.Management  Procedures and policies  Assignment of responsibility 2.Notice  To customers of policies 3.Choice and Consent  Allow customers consent over information provided, stored 4.Collection  Only what is necessary and stated in policy 5.Use and Retention  Based on policy and only for as long as needed for the business 6.Access  Customers should be capable of reviewing, editing, deleting information 7.Disclosure to 3 rd Parties  Based on policy and only if 3 rd party has same privacy policy standard 8.Security  Protection of personal information 9.Quality  Allow customer review  Information needs to be reasonably accurate 10.Monitor and Enforce  Ensure compliance with policy Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-9

10 Encryption  Preventive control  Process of transforming normal content, called plaintext, into unreadable gibberish  Decryption reverses this process Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-10

11 Encryption Strength  Key length  Number of bits (characters) used to convert text into blocks  256 is common  Algorithm  Manner in which key and text is combined to create scrambled text  Policies concerning encryption keys  Stored securely with strong access codes Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-11

12 Types of Encryption  Symmetric  One key used to both encrypt and decrypt  Pro: fast  Con: vulnerable  Asymmetric  Different key used to encrypt than to decrypt  Pro: very secure  Con: very slow  Hybrid Solution  Use symmetric for encrypting information  Use asymmetric for encrypting symmetric key for decryption Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-12

13 Hashing  Converts information into a “hashed” code of fixed length.  The code can not be converted back to the text.  If any change is made to the information the hash code will change, thus enabling verification of information. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-13

14 Digital Signature  Hash of a document  Using document creators key  Provides proof:  That document has not been altered  Of the creator of the document Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-14

15 Digital Certificate  Electronic document that contains an entity’s public key  Certifies the identity of the owner of that particular public key  Issued by Certificate Authority Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-15

16 Virtual Private Network (VPN)  Private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 9-16

Download ppt "Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Security Controls – What Works

Security Controls – What Works
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies

Similar presentations

Ads by Google