2. Learning Objectives
Identify and explain controls designed to protect the
confidentiality of sensitive information.
Identify and explain controls designed to protect the privacy
of customers’ personal information.
Explain how the two basic types of encryption systems work
3. Protecting Confidentiality and Privacy of
Sensitive Information
1. Identify and classify information to protect
A. Where is it located and who has access?
B. Classify the value of information to the organization
4. CONT..
2. Encryption
A. Protect the information in transit and in storage
3. Access controls
A. Controlling outgoing information (confidentiality)
B. Digital watermarks (confidentiality)
C. Data masking (privacy)
4. Training
5. Encryption
Is the process of taking a massage and making it
unreadable to everyone except the person it I
intended for.
encryption - The process of transforming normal text,
called plaintext, into unreadable gibberish, called
cipher text.
6. Cont..
plaintext - Normal text that has not been encrypted.
cipher text - Plaintext that was transformed into
unreadable gibberish using encryption.
decryption - Transforming cipher text back into
plaintext
Cryptograph- the study of crating and breaking secret
code.
7. Encryption Steps
1. Takes plain text and with an encryption key and
algorithm, converts to unreadable cipher text
(sender of the message)
2. To read cipher text, the encryption key reverses the
process to make information readable (receiver of
the message)
10. Symmetric encryption
Symmetric encryption uses the same key for
encryption and decryption. Because it uses the same
key, symmetric encryption can be more cost effective
for the security it provides. That said, it is important to
invest more in securely storing data when using
symmetric encryption.
11.
12. Asymmetric encryption
uses two separate keys: a public key and a private
key. Often a public key is used to encrypt the data
while a private key is required to decrypt the data.
The private key is only given to users with
authorized access. As a result, asymmetric
encryption can be more effective, but it is also
more costly.