Term
| Actions that must be taken to preserve confidentiality |
|
Definition
1. identification and classification of the information to be protected 2. encryption of sensitive information 3. controlling access to sensitive information 4. training |
|
|
Term
| Information Rights Management (IRM) software |
|
Definition
| provides an additional layer of protection to specific information resources, offering the capability not only to limit access to specific files or documents, but also to specify the actions (read, copy, print, download, etc.) that individuals can perform |
|
|
Term
| Data Loss Prevention (DLP) software |
|
Definition
| works like an antivirus program in reverse, blocking outgoing messages that contain key words or phrases associated with the intellectual property or other sensitive data the organization wants to protect |
|
|
Term
|
Definition
| a detective control that enables an organization to identify confidential information that has been disclosed |
|
|
Term
| Two major privacy-related concerns |
|
Definition
spam: unsolicited e-mail that contains either advertising or offensive content.
Identity Theft: the unauthorized use of someone's personal information for the perpetrator's benefit |
|
|
Term
| 10 best practices identified by GAPP (generally accepted privacy principles) that are internationally recognized |
|
Definition
1. Management 2. Notice 3. Choice and Consent 4. Collection 5. Use and Retention 6. Access 7. Disclosure to Third Parties 8. Security 9. Quality 10. Monitoring and Enforcement |
|
|
Term
| encryption and decryption |
|
Definition
| the process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext, and then reversing the process. |
|
|
Term
| Factors that influence encryption strength |
|
Definition
1. Key length 2. Encryption Algorithm 3. Policies for Managing Cryptographic Keys |
|
|
Term
| symmetric encryption systems |
|
Definition
| use the same key both to encrypt and decrypt (DES and AES) |
|
|
Term
| asymmetric encryption systems |
|
Definition
| use two keys. The public key is widely distributed and available to everyone; the private key is kept secret and known only to the owner of that pair of keys (RSA and PGP) |
|
|
Term
|
Definition
| a process that takes plaintext of any length and transforms it into a short code called a hash |
|
|
Term
|
Definition
| a hash of a document that is encrypted using the document creator's private key |
|
|
Term
|
Definition
| an electronic document that contains an entity's public key and certifies the identity of the owner of that particular public key |
|
|
Term
|
Definition
| organization that issues digital certificates |
|
|
Term
| public key infrastructure (PKI) |
|
Definition
| the system for issuing pairs of public and private keys and corresponding digital certificates |
|
|
Term
| virtual private network (VPN) |
|
Definition
| provides the functionality of a privately owned secure network without the associated costs of leased telephone lines, satellites, and other communication equipment |
|
|