Chapter 12 Confidentiality and Privacy Controls

28 Terms

1

information rights management (IRM)

Software that offers the capability not only to limit access to specific files or documents, but also to specify the actions (read, copy, print, download, etc.) that individuals granted access to that resource can perform. Some IRM software even has the capability to limit access privileges to a specific period of time and to remotely erase protected files.

2

data loss prevention (DLP)

Software that works like antivirus programs in reverse, blocking outgoing messages (e-mail, instant messages, etc.) that contain key words or phrases associated with intellectual property or other sensitive data the organization wants to protect.

3

digital watermark

Code embedded in documents that enables an organization to identify confidential information that has been disclosed.

4

data masking

Protecting privacy by replacing sensitive personal information with fake data. Also called tokenization.

5

tokenization

Another word for data masking.

6

opt-in

Referred to as explicit consent because organizations cannot collect and use customers' personal information unless they explicitly agree to allow such actions.

7

opt-out

Referred to as implicit consent because companies can assume it is okay to collect and use customers' personal information unless they explicitly object.

8

cookie

A text file created by a website and stored on a visitor's hard drive. Cookies store information about who the user is and what the user has done on the site.

9

identity theft

Assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit card number.

10

encryption

The process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext. Encryption is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge.

11

plaintext

Normal text that has not been encrypted.

12

ciphertext

Plaintext transformed into unreadable gibberish using encryption.

13

decryption

Transforming ciphertext back into plaintext.

14

symmetric encryption systems

Encryption systems that use the same key both to encrypt and to decrypt.

15

asymmetric encryption systems

Encryption systems that use two keys (one public, the other private); either key can encrypt, but only the other matching key can decrypt.

16

public key

One of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone.

17

private key

One of the keys used in asymmetric encryption systems. It is kept secret and known only to the owner of that pair of public and private keys.

18

virtual private network (VPN)

Using encryption and authentication to securely transfer information over the Internet, thereby creating a "virtual" private network.

19

nonrepudiation

Creating legally binding agreements that cannot be unilaterally repudiated by either party.

20

hashing

Transforming plaintext of any length into a short code called a hash.

21

hash

Plaintext transformed into short code.

22

digital signature

A hash encrypted with the hash creator's private key.

23

digital certificate

An electronic document that certifies the identity of the owner of a particular public key and contains that party's public key.

24

certificate authority

An organization that issues public and private keys and records the public key in a digital certificate.

25

public key infrastructure (PKI)

The system for issuing pairs of public and private keys and corresponding digital certificates.

26

blockchain

Individual digital records, called blocks, linked together using cryptography in a single list, called a blockchain. The blockchain isn't stored in a single location. Instead, it is a distributed ledger of hashed documents that functions as a decentralized database. Each computer in the distributed peer-to-peer network maintains a copy of the ledger to prevent a single point of failure.

27

nonce

A random number; used in the mining process to validate a new block in a blockchain.

28

key escrow

The process of storing a copy of an encryption key in a secure location.