TAILIEUCHUNG - Lecture Accounting information systems (13/e) – Chapter 9: Confidentiality and privacy controls

After studying this chapter, you should be able to: Identify and explain controls designed to protect the confidentiality of sensitive corporate information; identify and explain controls designed to protect the privacy of personal information collected from customers, employees, suppliers, or business partners; explain how the two basic types of encryption systems work. | Confidentiality and Privacy Controls Chapter 9 9-1 Learning Objectives Identify and explain controls designed to protect the confidentiality of sensitive information. Identify and explain controls designed to protect the privacy of customers’ personal information. Explain how the two basic types of encryption systems work. 9-2 Protecting Confidentiality and Privacy of Sensitive Information Identify and classify information to protect Where is it located and who has access? Classify value of information to organization Encryption Protect information in transit and in storage Access controls Controlling outgoing information (confidentiality) Digital watermarks (confidentiality) Data masking (privacy) Training 9-3 Generally Accepted Privacy Principles Management Procedures and policies with assigned responsibility and accountability Notice Provide notice of privacy policies and practices prior to collecting data Choice and consent Opt-in versus opt-out approaches Collection Only collect needed information Use and retention Use information only for stated business purpose Access Customer should be able to review, correct, or delete information collected on them Disclosure to third parties Security Protect from loss or unauthorized access Quality Monitoring and enforcement Procedures in responding to complaints Compliance 9-4 Encryption Preventative control Factors that influence encryption strength: Key length (longer = stronger) Algorithm Management policies Stored securely 9-5 Encryption Steps Takes plain text and with an encryption key and algorithm, converts to unreadable ciphertext (sender of message) To read ciphertext, encryption key reverses process to make information readable (receiver of message) 9-6 Types of Encryption Symmetric Asymmetric Uses one key to encrypt and decrypt Both parties need to know the key Need to securely communicate the shared key Cannot share key with multiple parties, they get their own (different) key from the organization Uses two keys Public—everyone has access Private—used to decrypt (only known by you) Public key can be used by all your trading partners Can create digital signatures 9-7 Virtual Private Network Securely transmits encrypted data between sender and receiver Sender and receiver have the appropriate encryption and decryption keys. 9-8 Key Terms Information rights management (IRM) Data loss prevention (DLP) Digital watermark Data masking Spam Identity theft Cookie Encryption Plaintext Ciphertext Decryption Symmetric encryption systems Asymmetric encryption systems Public key Private key Key escrow Hashing Hash Nonrepudiation Digital signature Digital certificate Certificate of authority Public key infrastructure (PKI) Virtual private network (VPN) 9-9

• Kế toán - Kiểm toán
• Protecting confidentiality
• Accounting information systems
• Lecture Accounting information systems
• Hệ thống thông tin kế toán
• Privacy controls
• Privacy controls
• tìm hiểu hệ điều hành
• học hệ điều hành
• sử dụng hệ điều hành
• thủ thuật hệ điều hành
• cách sử dụng windows 7
• mẹo hay cho windows 7
• tài liệu hệ điều hành
• Computer Security
• Introduction to Privacy in Computing
• Recognition of the need for privacy
• Threats to privacy
• Privacy in pervasive computing
• Accounting information systems
• Lecture Accounting information systems
• Information systems controls
• System reliability
• Introduction to MIS
• Management Information Systems
• Information systems
• Internet security issues
• Data protection
• Access controls