Accounting Information Systems
Fifteenth Edition, Global Edition
Chapter 12
Confidentiality and Privacy Controls
• Copyright © 2021 Pearson Education Ltd.
Learning Objectives (1 of 2)
• Describe the controls that can be used to protect the
confidentiality of an organization’s information and the
privacy of personal information collected from customers,
suppliers, and employees.
• Discuss how the Generally Accepted Privacy Principles
(GAPP) framework provides guidance in developing a
comprehensive approach to protecting privacy that
satisfies the requirements of privacy regulations such as
the EU’s General Data Privacy Regulation.
Learning Objectives (2 of 2)
• Discuss how different types of encryption systems work,
and explain the difference between encryption and
hashing.
• Explain how to create a digital signature and how it
provides a means to create legally enforceable contracts.
• Discuss how blockchain works.
Protecting Confidentiality and
Privacy (1 of 2)
• Identify and classify information to be protected
– Where is it located and who has access?
– Classify value of information to organization
• Protecting sensitive information with encryption
– Protect information in transit and in storage
Protecting Confidentiality and
Privacy (2 of 2)
• Controlling access to sensitive information
– Information Rights Management (IRM)
– Data loss prevention (DLP)
– Digital watermarks
– Data masking
– Tokenization
• Training
Privacy Regulations
• The European Union’s General Data Privacy Regulation
– The GDPR imposes huge fines (up to 4% of global
revenues) for issues such as not properly obtaining
consent to collect and use personal information or not
being able to document that the organization has taken
a proactive approach to protecting privacy.
• Other regulations include:
– California Consumer Privacy Act (CCPA) of 2018
– Health Insurance Portability and Accountability Act
(HIPAA)
– Health Information Technology for Economic and
Clinical Health Act (HITECH)
– Financial Services Modernization Act
Generally Accepted Privacy Principles
• Management
– Procedures and policies with assigned responsibility and
accountability
• Notice
– Provide notice of privacy policies and practices prior to
collecting data
• Choice and consent
– Opt-in versus opt-out approaches
• Collection
– Only collect needed information
• Use, retention, and disposal
– Use information only for stated business purpose. When no
longer useful, dispose in a secure manner.
• Access
– Customer should be able to review, correct, or delete
information collected on them
• Disclosure to third parties
• Security
– Protect from loss or unauthorized access
• Quality
• Monitoring and enforcement
– Procedures in responding to complaints
– Compliance
Encryption
• Preventative control
• Factors that influence encryption strength:
– Key length (longer = stronger)
– Algorithm
– Management policies
Stored securely
Figure 12.2 Steps in the Encryption
and Decryption Process
• Takes plaintext and, with an
encryption key and
algorithm, converts it to
unreadable ciphertext
(sender of message)
• To read the ciphertext, the
encryption key reverses the
process to make the
information readable
(receiver of message)
Types of Encryption
Symmetric
• Uses one key to encrypt and decrypt
• Both parties need to know the key
– Need to securely communicate the shared key
– Cannot share key with multiple parties, they get their own
(different) key from the organization
Asymmetric
• Uses two keys
– Public—everyone has access
– Private—used to decrypt (only known by you)
– Public key can be used by all your trading partners
• Can create digital signatures
Virtual Private Network (VPN)
• Securely transmits encrypted data between sender and
receiver
– Sender and receiver have the appropriate encryption
and decryption keys.
Figure 12.3 Virtual Private Networks
[VPNs]
Hashing
• Hashing is a process that takes plaintext of any length and
creates a short code called a message digest, popularly
referred to as a hash.
• Hashing algorithms provide a means to test the integrity of
a document, to verify whether two copies of a document,
each stored on a different device, are identical.
– It plays an important role in creating legally binding
digital signatures and is an essential component
underlying blockchains.
Table 12.2 Comparison of Hashing
and Encryption
Digital Signatures
Used to create legally binding agreements (two steps to
create)
1. Document creator uses a hashing algorithm to generate
a hash of the original document
2. Document creator uses private key to encrypt step 1
above
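The two creation steps above, followed by the recipient's check, as an added example (not from the textbook). It uses textbook RSA with no padding and a constructed demo key built from two Mersenne primes, which is not secure; production systems use a vetted library with a padded scheme. The function names and the sample contract are assumptions.

```python
import hashlib

# Constructed demo key pair (assumption): easy to write down, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the creator

# Constructed sample document.
CONTRACT = b"Buyer agrees to purchase 40 units at 12.50 each."


def digest_int(document: bytes) -> int:
    # Step 1: hash the original document (SHA-256) and read it as an integer.
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    # Step 2: transform the hash from step 1 with the creator's private key.
    return pow(digest_int(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    # Recipient: undo step 2 with the creator's PUBLIC key, then compare the
    # recovered hash with a fresh hash of the document actually received.
    return pow(signature, e, n) == digest_int(document)


def demo():
    sig = sign(CONTRACT)
    genuine = verify(CONTRACT, sig)
    # Any change to the document changes its hash, so the signature fails.
    altered = verify(CONTRACT.replace(b"12.50", b"21.50"), sig)
    # A signature made with some other private exponent does not verify
    # under the creator's public key.
    wrong_key = verify(CONTRACT, sign(CONTRACT, d=D - 2))
    return genuine, altered, wrong_key
```

`demo()` returns `(True, False, False)`: only the unaltered document signed with the matching private key verifies.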
Blockchain
• Blockchain technology was originally developed to
support the crypto-currency Bitcoin to prevent “double-
spending” the same coin, but it has since been adopted for
use in a variety of industries to create reliable audit trails
for any business process.
• A blockchain is a distributed ledger of hashed documents
with copies stored on multiple computers.
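A small ledger of hashed documents held as three copies, as an added example (not from the textbook) of why an altered entry is detectable: each block's hash covers the previous block's hash, and a copy that has been rewritten to be self-consistent still disagrees with the other copies. The block layout, node names and sample documents are assumptions.

```python
import copy, hashlib, json
from collections import Counter

GENESIS = "0" * 64  # "previous hash" used by the first block
# Constructed sample documents (not from the textbook).
DOCS = [b"PO-1001: 40 units", b"INV-2001: 500.00", b"PAY-3001: 500.00"]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    # Covers the document's hash AND the previous block's hash.
    fields = {k: block[k] for k in ("index", "doc_hash", "prev_hash")}
    return sha256_hex(json.dumps(fields, sort_keys=True).encode())

def append(chain: list, document: bytes) -> None:
    block = {"index": len(chain), "doc_hash": sha256_hex(document),
             "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_bad_block(chain: list):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return i
        prev = block["hash"]
    return None

def dissenting_copies(copies: dict) -> list:
    """Names of ledger copies whose latest hash differs from the majority."""
    heads = {name: c[-1]["hash"] for name, c in copies.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(n for n, h in heads.items() if h != majority)

def demo():
    ledger = []
    for d in DOCS:
        append(ledger, d)
    copies = {n: copy.deepcopy(ledger) for n in ("node_a", "node_b", "node_c")}
    forged = copies["node_b"]
    forged[1]["doc_hash"] = sha256_hex(b"INV-2001: 900.00")  # altered invoice
    naive = first_bad_block(forged)  # stored block hash no longer matches
    prev = forged[0]["hash"]
    for block in forged[1:]:  # forger recomputes every later hash
        block["prev_hash"] = prev
        block["hash"] = prev = block_hash(block)
    return naive, first_bad_block(forged), dissenting_copies(copies)
```

`demo()` returns `(1, None, ["node_b"])`: the simple edit is caught at block 1, the fully rehashed copy passes its own check, and comparison with the other copies still singles it out.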
Figure 12.6 How Hashing Updates a
Blockchain (1 of 3)
Figure 12.6 How Hashing Updates a
Blockchain (2 of 3)
Figure 12.6 How Hashing Updates a
Blockchain (3 of 3)