Confidentiality and privacy
Confidentiality vs. privacy?
Confidentiality is preserving authorized restrictions on access and disclosure of data, including means for protecting personal privacy and proprietary information. In essence, confidentiality protects against unauthorized access to information a company has gathered.
Privacy is the right of a party to maintain control and confidentiality of information about itself. Privacy protects the rights of an individual and gives the individual control over what information they are willing to share with others.
Methods for protecting confidential data:
•Data Collection:
policies and procedures defining the specific confidential data collected, how it will be kept confidential, incident response, how to build privacy into the development cycle, who it may be shared with, and the consequences of violation.
conducting training.
•Data Processing:
de-identify personal information, e.g., by pseudonymization (replacing a name with an ID number). Note that pseudonymized data is still personal data, because whoever holds the mapping (or the key used to derive the IDs) can re-identify the individual; true anonymization removes that link permanently.
•Data storage:
organizations should control access to personal information through access control policies and access enforcement mechanisms
implement access controls for mobile devices
audit access to, and events involving, confidential data
•Data transmission:
protect data in transit, e.g., with encryption such as TLS.
•Data Deletion:
deletion/purging with policies to archive and purge.
Protecting confidentiality when developing new systems:
Obfuscation: process of replacing production data or sensitive information with data that is less valuable to unauthorized users.
Types of obfuscation:
•encryption: transforms the entire value; the strongest form, reversible only with the key.
•tokenization: removes production data and replaces it with a surrogate token that preserves the original's length and data type (so it can be stored in the same fields).
token vault: the protected mapping from tokens back to the original values; it is needed to reverse tokenization, so it must be secured as tightly as the production data itself.
•masking: swaps data with other data so that the original identifying characteristics are disguised while a similar structure is maintained,
e.g., an SSN shown as ***-**-6789. Masking is not meant to be reversed.
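As an added example (not part of the original notes) of the Data Processing bullet and the obfuscation types above, the Go program below tokenizes an SSN through an in-memory token vault, masks the same SSN, and pseudonymizes a name with a keyed hash. The SSN, the name and the key "hypothetical-secret" are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// TokenVault holds the only mapping between tokens and original values.
// Protect it as tightly as the production data: whoever reads it can detokenize.
type TokenVault struct {
	toToken map[string]string
	toValue map[string]string
}

func NewTokenVault() *TokenVault {
	return &TokenVault{toToken: map[string]string{}, toValue: map[string]string{}}
}

// Tokenize replaces the digits of a value (e.g. an SSN) with random digits,
// keeping length, type and separators so the token fits the same fields.
func (v *TokenVault) Tokenize(value string) (string, error) {
	if t, ok := v.toToken[value]; ok {
		return t, nil // same value always maps to the same token
	}
	for {
		b := make([]byte, len(value))
		if _, err := rand.Read(b); err != nil {
			return "", err
		}
		out := []byte(value)
		for i := range out {
			if out[i] >= '0' && out[i] <= '9' {
				out[i] = '0' + b[i]%10 // slight modulo bias is fine: tokens are not keys
			}
		}
		t := string(out)
		if _, taken := v.toValue[t]; !taken && t != value {
			v.toToken[value] = t
			v.toValue[t] = value
			return t, nil
		}
	}
}

// Detokenize only works with access to the vault.
func (v *TokenVault) Detokenize(token string) (string, bool) {
	val, ok := v.toValue[token]
	return val, ok
}

// MaskSSN keeps the structure (***-**-1234) but hides the identifying digits.
// Nothing is stored, so masking cannot be reversed.
func MaskSSN(ssn string) string {
	if len(ssn) != 11 || ssn[3] != '-' || ssn[6] != '-' {
		return strings.Repeat("*", len(ssn))
	}
	return "***-**-" + ssn[7:]
}

// Pseudonymize derives a stable ID from a name with HMAC-SHA256. Anyone holding
// key can link records back to the person, so the output is still personal data.
func Pseudonymize(key []byte, name string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(strings.ToLower(strings.TrimSpace(name))))
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

func main() {
	vault := NewTokenVault()
	ssn := "123-45-6789" // constructed sample, not a real SSN
	tok, _ := vault.Tokenize(ssn)
	orig, _ := vault.Detokenize(tok)
	fmt.Println("token:", tok, "detokenized:", orig)
	fmt.Println("masked:", MaskSSN(ssn))
	fmt.Println("pseudonym:", Pseudonymize([]byte("hypothetical-secret"), "Alice Example"))
}
```

A fresh vault cannot reverse a token produced elsewhere, which is the whole point of keeping the vault separate from the systems that store tokens.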
Data Encryption: a method of mitigating the risk of data breaches and data loss through the application of cryptography. Plaintext becomes ciphertext that can only be decoded with the key. Encryption by itself provides confidentiality; assurance about who sent a message (nonrepudiation) comes from a digital signature made with the sender's private key, not from the encryption.
•different types/combos of keys can be used
•key can be public or private
Methods of Encryption:
•symmetric encryption: a single shared secret key is used for both encryption and decryption of data within a group
the same key is used by all members to encrypt and decrypt
commonly used by banks
does not give nonrepudiation (anyone holding the key could have produced the message) and scales poorly, since every pair of parties needs its own shared key
•asymmetric encryption: uses two mathematically related keys, a public key and a private key. What one encrypts, only the other can decrypt.
popular for digital signing (sign with the private key, verify with the public key)
slower and more computationally expensive than symmetric encryption, so in practice it is typically used to exchange a symmetric key or to sign a hash rather than to encrypt bulk data.
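Added example, not from the original notes: the Go program below encrypts with a shared AES-256-GCM key and signs with an Ed25519 private key, to show that the symmetric ciphertext is tamper-evident but gives no nonrepudiation (anyone with the key could have made it), while the signature can only come from the holder of the private key. Keys are generated at run time; the sample message is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewSharedKey returns a random 256-bit key for AES-GCM.
func NewSharedKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// EncryptAESGCM encrypts with a shared secret key. GCM also produces an
// authentication tag, so tampering is detected on decryption, but any party
// holding the key could have produced the ciphertext: no nonrepudiation.
func EncryptAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// nonce is prepended so the receiver can recover it
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func DecryptAESGCM(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil) // fails if the tag does not verify
}

// GenerateSigningKey returns an Ed25519 key pair.
func GenerateSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign produces a signature only the holder of priv could have made;
// Verify needs only the public key. This is what gives nonrepudiation.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// SharedKeysNeeded: with symmetric keys every pair of n parties needs its own
// key, which is why symmetric encryption alone scales poorly.
func SharedKeysNeeded(n int) int { return n * (n - 1) / 2 }

func main() {
	key, _ := NewSharedKey()
	ct, _ := EncryptAESGCM(key, []byte("account balance: 42")) // constructed message
	pt, _ := DecryptAESGCM(key, ct)
	fmt.Printf("decrypted: %s\n", pt)

	pub, priv, _ := GenerateSigningKey()
	sig := Sign(priv, ct)
	fmt.Println("signature valid:", Verify(pub, ct, sig))
	fmt.Println("shared keys for 100 parties:", SharedKeysNeeded(100))
}
```

Signing the ciphertext (rather than the plaintext) lets a receiver verify origin before spending effort on decryption; either way the signature, not the encryption, is what binds the message to the sender.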
Hashing: converts a message of any length into a fixed-length value called a message digest or hash value. Hashing is one way: the digest cannot be reversed to recover the message.
•maintains the integrity of data transmitted: comparing the digest computed by the receiver with the one sent shows whether the message was altered. A plain hash only detects modification, since an attacker who changes the message can recompute the hash; proving the message came from the true sender requires a keyed hash (HMAC) or a digital signature over the hash.
•often combined with encryption
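Added example (not part of the original notes): SHA-256 digest versus HMAC-SHA256 in Go, showing that an attacker can recompute a plain hash over an altered message but cannot forge an HMAC without the shared key. The key "hypothetical-shared-secret" and the messages are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the SHA-256 message digest: 32 bytes for any input length,
// one-way, and any change to the message changes the digest.
func Digest(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// VerifyDigest detects accidental corruption. It does NOT prove who sent the
// message: an attacker who alters the message can simply recompute the hash.
func VerifyDigest(msg []byte, digest string) bool {
	return Digest(msg) == digest
}

// Tag computes HMAC-SHA256 over the message with a key shared by sender and
// receiver. Without the key an attacker cannot produce a valid tag, so the
// receiver gets integrity plus origin (within the group holding the key).
func Tag(key, msg []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyTag compares in constant time so the comparison leaks no timing info.
func VerifyTag(key, msg []byte, tag string) bool {
	expected, err := hex.DecodeString(tag)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return hmac.Equal(mac.Sum(nil), expected)
}

func main() {
	key := []byte("hypothetical-shared-secret")
	msg := []byte("transfer 100 to acct 1") // constructed message
	d, tg := Digest(msg), Tag(key, msg)

	// Attacker rewrites the message in transit.
	evil := []byte("transfer 900 to acct 2")
	fmt.Println("plain hash catches tampering:     ", !VerifyDigest(evil, d))
	fmt.Println("but attacker recomputes the hash: ", VerifyDigest(evil, Digest(evil)))
	fmt.Println("HMAC forged without key rejected: ", !VerifyTag(key, evil, Tag([]byte("guess"), evil)))
	fmt.Println("genuine tag verifies:             ", VerifyTag(key, msg, tg))
}
```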
Cipher techniques: ciphers are the result of applying an encryption algorithm that encodes plaintext into ciphertext, a string of letters and numbers that is meaningless without the key.
Types of Ciphers:
•substitution ciphers: replaces each character of a plaintext with another character.
•Transposition cipher: rearranges the letters of a message to form unreadable ciphertext, often by writing the message into a matrix and reading it out column by column (columnar transposition).
•Running-key cipher / one-time pad: uses a key as long as the message itself.
•Block cipher: operates on fixed-size chunks (blocks) of the message, encrypting one block at a time.
•Stream cipher: operates on a single character or a few characters at a time, treating the message as a stream.
Concept: it is stronger to combine more than one type of cipher; modern block ciphers do exactly this, applying substitution and transposition steps in repeated rounds.
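Added example, not from the original notes: a Caesar substitution cipher, a keyword columnar transposition cipher, and a one-time pad in Go, with substitution and transposition combined as the last point suggests. These are classical teaching ciphers, not something to use for real data; the message and the key "ZEBRA" are constructed.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Substitute shifts every letter by the same amount (a Caesar cipher, the
// simplest substitution cipher). Letter frequencies survive, so it is weak.
func Substitute(plain string, shift int) string {
	var b strings.Builder
	for _, r := range strings.ToUpper(plain) {
		if r >= 'A' && r <= 'Z' {
			b.WriteRune('A' + (r-'A'+rune(shift%26)+26)%26)
		} else {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// columnOrder returns the order in which columns are read out: the column
// under the alphabetically smallest key letter first (ties left to right).
func columnOrder(key string) []int {
	idx := make([]int, len(key))
	for i := range idx {
		idx[i] = i
	}
	sort.SliceStable(idx, func(a, b int) bool { return key[idx[a]] < key[idx[b]] })
	return idx
}

// Transpose writes the message row by row into a grid len(key) wide, pads
// the last row with 'X', and reads it out column by column in key order.
func Transpose(plain, key string) string {
	w := len(key)
	for len(plain)%w != 0 {
		plain += "X"
	}
	rows := len(plain) / w
	var b strings.Builder
	for _, c := range columnOrder(key) {
		for r := 0; r < rows; r++ {
			b.WriteByte(plain[r*w+c])
		}
	}
	return b.String()
}

// Untranspose refills the grid column by column in key order and reads rows.
func Untranspose(cipher, key string) (string, error) {
	w := len(key)
	if len(cipher)%w != 0 {
		return "", errors.New("ciphertext length is not a multiple of key length")
	}
	rows := len(cipher) / w
	grid := make([]byte, len(cipher))
	pos := 0
	for _, c := range columnOrder(key) {
		for r := 0; r < rows; r++ {
			grid[r*w+c] = cipher[pos]
			pos++
		}
	}
	return string(grid), nil
}

// OneTimePad XORs the message with a random key as long as the message.
// Used once, this is unbreakable; reusing the key breaks it completely.
func OneTimePad(msg []byte) (cipher, key []byte, err error) {
	key = make([]byte, len(msg))
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	cipher = make([]byte, len(msg))
	for i := range msg {
		cipher[i] = msg[i] ^ key[i] // decrypt by XORing with the same key
	}
	return cipher, key, nil
}

func main() {
	msg := "ATTACK AT DAWN" // constructed message
	sub := Substitute(msg, 3)
	both := Transpose(strings.ReplaceAll(sub, " ", ""), "ZEBRA")
	fmt.Println("substitution:      ", sub)
	fmt.Println("then transposition:", both)
	back, _ := Untranspose(both, "ZEBRA")
	fmt.Println("recovered:         ", Substitute(back, -3))
}
```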
Data Loss Prevention: protects against and detects attempts to transfer sensitive information out of the organization electronically, across multiple protocols, ports, and communication methods. DLP often uses pattern matching to scan files and messages; when a pattern raises a red flag, the transfer is stopped or the data is encrypted.
Best practices:
•implement centralized DLP
•define and create a data usage policy
•monitor
•evaluate the different forms of data being sent so more effort can be spent on sensitive data
•implement education
Types of DLP:
•network based DLP: scans outgoing data against specific criteria as it is transmitted by email, file transfer protocol, instant messaging, and similar channels. Matches are typically archived in a database that records what data was involved and where on the network it went.
•cloud based DLP: runs as a cloud service and inspects data stored in or leaving cloud applications.
•endpoint based DLP: scans files stored on, or sent to, devices that might be outside the network, such as a printer, a USB drive, or any other device.
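Added example (not part of the original notes) of the pattern-matching approach DLP tools use: a Go scanner that looks for SSN and card-number patterns in outbound text, applies a Luhn check to cut false positives on card candidates, and maps findings to a block/encrypt/allow decision. The sample messages and numbers are constructed test values, and the policy in Decide is a hypothetical one for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding records one pattern match in outbound content.
type Finding struct {
	Kind  string
	Match string
}

var (
	ssnRe = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
	// 13-16 digits, optionally separated by spaces or hyphens.
	cardRe = regexp.MustCompile(`\b(?:\d[ -]?){13,16}\b`)
)

// luhnValid applies the Luhn checksum used by payment card numbers. Pure
// pattern matching is noisy (order numbers, phone numbers look similar);
// checking the checksum removes most of those false positives.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(digits) >= 13 && sum%10 == 0
}

// Scan inspects one outbound message or file and returns what it found.
func Scan(content string) []Finding {
	var out []Finding
	for _, m := range ssnRe.FindAllString(content, -1) {
		out = append(out, Finding{"ssn", m})
	}
	for _, m := range cardRe.FindAllString(content, -1) {
		digits := strings.NewReplacer(" ", "", "-", "").Replace(m)
		if luhnValid(digits) {
			out = append(out, Finding{"card", m})
		}
	}
	return out
}

// Decide applies a hypothetical policy: block if a card number is leaving,
// force encryption if an SSN is, otherwise allow the transfer.
func Decide(findings []Finding) string {
	action := "allow"
	for _, f := range findings {
		switch f.Kind {
		case "card":
			return "block"
		case "ssn":
			action = "encrypt"
		}
	}
	return action
}

func main() {
	// Constructed sample outbound messages; the numbers are test values, not real accounts.
	samples := []string{
		"Q3 report attached, see you Monday",
		"Customer SSN for onboarding: 123-45-6789",
		"charge card 4111 1111 1111 1111 for the invoice",
		"order ref 1234 5678 9012 3456 shipped", // card-shaped but fails Luhn
	}
	for _, s := range samples {
		f := Scan(s)
		fmt.Printf("%-8s %v %q\n", Decide(f), f, s)
	}
}
```

Real products add many more detectors (fingerprinting of known documents, keyword dictionaries, file-type rules), but the shape is the same: match, validate to reduce noise, then act and log.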
Protecting Data at rest:
safeguards:
•sufficient physical security, adequate digital security, authorization and proper access control, change management controls, backups, and recovery management.
•The most reliable way to delete data at rest is to physically destroy the storage media.
Read-through: distributing the security, confidentiality, and privacy procedures to members of both IT and non-IT departments that support the walkthrough, so they can review them and identify any obsolete information.
Walkthrough: role playing and simulating disaster situation.
Steps:
1. planning and preparation
2. obtaining an understanding of the process being evaluated
3. performing the walkthrough
4. creating documentation
5. performing tests
6. evaluating the procedures
Fire drill: a live simulation in which participants act as if the real event had happened.
How we detect deficiencies in a SOC 2 engagement:
The service auditor evaluates the results of all procedures performed and performs a quantitative and qualitative analysis of whether any identified description misstatements, deficiencies in the design of controls, or (in type 2 examinations) deficiencies in the operating effectiveness of controls affect the opinion.
Service auditors perform a walkthrough from origination to final destination, considering how personally identifiable information is handled along the way.
•the walkthrough gives the auditor an understanding of the flow of transactions and of the design and implementation of the controls in relation to the organization's security, confidentiality, and privacy service commitments.
•will gather evidence in walkthrough too.
If deficiencies are identified, the auditor determines whether they represent:
•a failure to meet the service commitments and system requirements, or
•a presentation that could be misunderstood by users if the service auditor's opinion were not modified to reflect the identified description misstatements (even if the deviations themselves are acceptable).
To evaluate:
•investigate the nature and cause of each deficiency and determine whether the procedures that have been performed provide an appropriate basis for concluding that the control operated effectively throughout the specified period
•whether the identified deficiencies are likely to have a pervasive effect on the achievement of the organization's service commitments and system requirements based on the applicable trust services criteria
•the magnitude of the effect of the deficiencies on the achievement of the service organization's service commitments and system requirements based on the applicable trust services criteria
•whether users would be misled if the report were not modified
What is a pervasive effect?
•deficiencies in entity-level controls that operational controls depend on are pervasive
they might not be pervasive if the affected area is segmented from the rest of the system
•deficiencies in key controls are pervasive
Type 2 examination: unacceptable deviations in the operating effectiveness of controls lead to a modified opinion
If fraud is suspected, report it to senior management, or to those above senior management if senior management is involved, and request that senior management consult with a third party.
Consider the implications of the fraud for the engagement; it may be advisable to communicate with legal counsel or to withdraw from the engagement.
