Table 8-1 in your textbook summarizes key controls to protect the confidentiality of information:
Situation      Controls
Storage        Encryption and access controls
Transmission   Encryption
Disposal       Shredding, thorough erasure, physical destruction
Overall        Categorization to reflect value and training in proper work practices
A number of regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Financial Services Modernization Act (aka the Gramm-Leach-Bliley Act), require organizations to protect the privacy of customer information.
Do not carry your social security card with you or comply with requests to reveal the last 4 digits.
Limit the amount of identifying information preprinted on checks and consider eliminating it.
Do not place outgoing mail with checks or personal information in your mailbox for pickup.
Don’t carry more than a few blank checks with you.
Use special software to thoroughly clean any digital media before disposal, or physically destroy the media. It is especially important to thoroughly erase or destroy hard drives before donating or disposing of equipment.
A reliable system produces information that is accurate, timely, reflects results of only authorized transactions, and includes outcomes of all activities engaged in by the organization during a given period of time.
Requires controls over both data input quality and the processing of the data.
[Figure: the five principles of systems reliability: security, confidentiality, privacy, processing integrity, availability]
If the data entered into a system is inaccurate or incomplete, the output will be, too. (Garbage in, garbage out.)
Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete, properly accounted for, and entered into the system or sent to their intended destination in a timely manner.
In even parity, the parity bit is set so that each character has an even number of bits with the value 1.
In odd parity, the objective is that an odd number of bits should have the value 1.
The pattern for 5 is 0000101. This pattern has two bits (an even number) with a value of 1. Therefore, the parity bit that is added would be zero if we were using even parity and 1 if we were using odd parity.
The receiving device performs parity checking to verify that the proper number of bits is set to one in each character received.
Additional accuracy can be achieved with more complex parity schemes.
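An added example (not from the textbook) of the parity scheme just described: the sender appends a parity bit to a 7-bit pattern such as 0000101, and the receiver recounts the one-bits. It also shows why more complex schemes are needed: a single flipped bit is caught, but two flipped bits cancel each other out and pass the check.

```python
# Added example, not from the textbook: simple even/odd parity on 7-bit characters.
# Sender appends one parity bit; receiver recounts the one-bits in the 8-bit frame.

def parity_bit(bits: str, even: bool = True) -> str:
    """Return the parity bit ('0' or '1') to append to a 7-bit pattern."""
    if len(bits) != 7 or set(bits) - {"0", "1"}:
        raise ValueError("expected a 7-character string of 0s and 1s")
    ones = bits.count("1")
    # Even parity: data bits plus parity bit must contain an even number of 1s.
    # Odd parity: data bits plus parity bit must contain an odd number of 1s.
    if even:
        return "0" if ones % 2 == 0 else "1"
    return "1" if ones % 2 == 0 else "0"


def encode(bits: str, even: bool = True) -> str:
    """Sender side: 7 data bits followed by the parity bit."""
    return bits + parity_bit(bits, even)


def check(frame: str, even: bool = True) -> bool:
    """Receiver side: True if the 8-bit frame has the expected parity."""
    if len(frame) != 8 or set(frame) - {"0", "1"}:
        raise ValueError("expected an 8-character string of 0s and 1s")
    expected_remainder = 0 if even else 1
    return frame.count("1") % 2 == expected_remainder


def flip(frame: str, positions: list) -> str:
    """Simulate transmission errors by inverting the bits at the given positions."""
    out = list(frame)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


if __name__ == "__main__":
    pattern = "0000101"  # the pattern for 5 used in the text; two bits are 1
    frame = encode(pattern, even=True)
    print("sent:", frame, "passes check:", check(frame))                  # True
    print("1 bit flipped:", check(flip(frame, [0])))                      # False
    print("2 bits flipped:", check(flip(frame, [0, 1])))                  # True (undetected)
```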
Changes should be thoroughly tested prior to implementation.
Includes assessing effect of change on all five principles of systems reliability.
Should occur in a separate, non-production environment.
All documentation (program instructions, system descriptions, backup and disaster recovery plans) should be updated to reflect authorized changes to the system.
“Emergency” changes or deviations from policy must be documented and subjected to a formal review and approval process as soon after implementation as practicable. All such actions should be logged to provide an audit trail.