Lecture Accounting Information Systems (13/e) – Chapter 9: Confidentiality and Privacy Controls
After studying this chapter, you should be able to: identify and explain controls designed to protect the confidentiality of sensitive corporate information; identify and explain controls designed to protect the privacy of personal information collected from customers, employees, suppliers, or business partners; and explain how the two basic types of encryption systems work.

Confidentiality and Privacy Controls – Chapter 9

Learning Objectives
    Identify and explain controls designed to protect the confidentiality of sensitive information.
    Identify and explain controls designed to protect the privacy of customers' personal information.
    Explain how the two basic types of encryption systems work.

Protecting Confidentiality and Privacy of Sensitive Information
    Identify and classify information to protect
        Where is it located and who has access?
        Classify the value of the information to the organization
    Encryption
        Protect information in transit and in storage
    Access controls
        Controlling outgoing information (confidentiality)
        Digital watermarks (confidentiality)
        Data masking (privacy)
    Training

Generally Accepted Privacy Principles
    Management: procedures and policies with assigned responsibility and accountability
    Notice: provide notice of privacy policies and practices prior to collecting data
    Choice and consent: opt-in versus opt-out approaches
    Collection: only collect needed information
    Use and retention: use information only for the stated business purpose
    Access: customers should be able to review, correct, or delete information collected on them
    Disclosure to third parties
    Security: protect from loss or unauthorized access
    Quality
    Monitoring and enforcement: procedures for responding to complaints; compliance

Encryption
    Preventive control
    Factors that influence encryption strength:
        Key length (longer = stronger)
        Algorithm
        Management policies (keys stored securely)

Encryption Steps
    Sender of message: takes plaintext and, with an encryption key and algorithm, converts it to unreadable ciphertext
    Receiver of message: to read the ciphertext, the key reverses the process to make the information readable again

Types of Encryption
    Symmetric
        Uses one key to encrypt and decrypt
        Both parties need to know the key
        Need to securely communicate the shared key
        Cannot share the key with multiple parties; each party gets its own (different) key from the organization
    Asymmetric
        Uses two keys
        Public key: everyone has access
        Private key: used to decrypt (known only by you)
        The public key can be used by all your trading partners
        Can create digital signatures

Virtual Private Network
    Securely transmits encrypted data between sender and receiver
    Sender and receiver have the appropriate encryption and decryption keys

Key Terms
    Information rights management (IRM)
    Data loss prevention (DLP)
    Digital watermark
    Data masking
    Spam
    Identity theft
    Cookie
    Encryption
    Plaintext
    Ciphertext
    Decryption
    Symmetric encryption systems
    Asymmetric encryption systems
    Public key
    Private key
    Key escrow
    Hashing
    Hash
    Nonrepudiation
    Digital signature
    Digital certificate
    Certificate authority
    Public key infrastructure (PKI)
    Virtual private network (VPN)
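The Encryption Steps and Types of Encryption slides describe the two systems in words; the following Go program, an added example written for this page and not part of the lecture or the textbook, shows them running. It uses only the Go standard library: AES-256-GCM stands in for the symmetric system (one shared key seals and opens the message), RSA-OAEP for the asymmetric system (anyone holding the public key encrypts, only the private key decrypts), and RSA-PSS over a SHA-256 hash for the digital signature that gives nonrepudiation. The payroll message and the 2048-bit key size are constructed for the demonstration; the slides name none of these specific algorithms or parameters.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SymmetricEncrypt is the sender's step with a symmetric system: one shared
// key plus the AES-GCM algorithm turns plaintext into ciphertext. The random
// nonce is prepended so the receiver can reverse the process.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt is the receiver's step: the same shared key reverses the
// process. GCM also rejects ciphertext that was altered in transit.
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// AsymmetricEncrypt uses the receiver's public key, which every trading
// partner may hold; nothing secret has to be shared beforehand.
func AsymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// AsymmetricDecrypt needs the matching private key, known only to the receiver.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign hashes the message and signs the hash with the private key. Only the
// key holder can produce it, which is what gives the signature nonrepudiation.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify lets anyone with the public key check that the signature belongs to
// exactly this message; a changed message or a changed signature fails.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	msg := []byte("Q3 payroll totals: CONFIDENTIAL") // constructed sample message

	key := make([]byte, 32) // 256-bit key: longer key, stronger encryption
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	sealed, _ := SymmetricEncrypt(key, msg)
	back, err := SymmetricDecrypt(key, sealed)
	fmt.Printf("symmetric: %d plaintext bytes -> %d ciphertext bytes, round trip ok: %v\n",
		len(msg), len(sealed), err == nil && string(back) == string(msg))

	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key size
	if err != nil {
		panic(err)
	}
	ct, _ := AsymmetricEncrypt(&priv.PublicKey, msg)
	back2, err := AsymmetricDecrypt(priv, ct)
	fmt.Printf("asymmetric: round trip ok: %v\n", err == nil && string(back2) == string(msg))

	sig, _ := Sign(priv, msg)
	fmt.Printf("signature: valid on original: %v, rejected on altered message: %v\n",
		Verify(&priv.PublicKey, msg, sig),
		!Verify(&priv.PublicKey, []byte("Q3 payroll totals: PUBLIC"), sig))
}
```

The symmetric functions illustrate the slide's key-distribution problem: the receiver cannot open the message without the very same key the sender used, so that key has to reach the receiver over some secure channel first. The asymmetric functions need no such channel, and the signature check shows why the private key must stay private: anyone who obtains it can sign on the owner's behalf.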