AIS Chapter 9 Flashcards
29 Questions

Created by
@MarvelousPascal

Questions and Answers

Software that protects confidentiality by screening outgoing documents to identify and block transmission of sensitive information is called?

  • Information Rights Management (IRM)
  • Data Loss Prevention (DLP)
  • Digital Watermark
  • None of these are (correct)

Software that is embedded in documents or files that contain confidential information to indicate who owns that information is called?

  • Information Rights Management (IRM)
  • Data Loss Prevention (DLP)
  • Digital Watermark (correct)
  • None of the above

Which of the following statements is NOT true?

  • Encryption protects the confidentiality of information while it is being sent over the Internet.
  • Encryption protects the confidentiality of information while it is in storage.
  • Encryption protects the confidentiality of information while it is in processing. (correct)

If an organization asks customers to agree to let the organization collect and use customers' personal information, it is following the consent practice referred to as?

    Opt-in

    Which statement is true?

    Neither statement is true.

    Which statement is true?

    Encryption is necessary to protect confidentiality and privacy.

    Which type of encryption is faster?

    Symmetric

    If you want to e-mail a document to a friend and be assured that only your friend will be able to open the document, you should encrypt the document using?

    your friend's public key

    If you want to e-mail a document to a friend so that your friend can be certain that the document came from you, you should encrypt the document using?

    your private key

    Which of the following statements is true?

    Cookies are text files that only store information. They cannot perform any actions.

    A digital signature is ____________.

    created by hashing a document and then encrypting the hash with the signer's private key.

    Able wants to send a file to Baker over the Internet and protect the file so that only Baker can read it and can verify that it came from Able. What should Able do?

    Encrypt the file using Able's private key, and then encrypt it again using Baker's public key.

    Which of the following statements is true?

    Encryption is reversible, but hashing is not.

    Confidentiality focuses on protecting ____________.

    merger and acquisition plans

    Which of the following statements about obtaining consent to collect and use a customer's personal information is true?

    The default policy in Europe is opt-in, but in the United States the default is opt-out.

    One of the ten Generally Accepted Privacy Principles concerns security. According to GAPP, what is the nature of the relationship between security and privacy?

    Security is a necessary, but not sufficient, precondition to protect privacy.

    Which of the following statements is true?

    Symmetric encryption is faster than asymmetric encryption, but it cannot be used to provide non-repudiation of contracts.

    Which of the following statements is true?

    All of the above are true.

    Which of the following can organizations use to protect the privacy of a customer's personal information when giving programmers a realistic data set with which to test a new application?

    Data masking

    Which of the following actions must an organization take to preserve the confidentiality of sensitive information?

    Train employees to properly handle information.

    Which of the following is used to protect the privacy of customers' personal information?

    Tokenization

    Using your private key to encrypt a hash of a document creates a?

    digital signature

    Replacing sensitive personal information with fake data is called?

    data masking

    Which of the following helps protect you from identity theft?

    All of the actions listed help protect you from identity theft

    Which of the following Generally Accepted Privacy Principles would an organization violate if it collects and stores your sensitive personal information without your knowledge?

    Choice and consent

    If the same key is used to both encrypt and decrypt a file, that is an example of what is referred to as a(n)?

    symmetric encryption system

    Which of the following factor(s) should be considered when determining the strength of any encryption system?

    All of these are correct.

    _____ provides assurance that someone cannot enter into a digital transaction and then subsequently deny they had done so and refuse to fulfill their side of the contract.

    Digital signature

    A website that has a checkbox stating 'Click here if you do NOT want the AJAX company to share your information with third parties and send you offers that you might be interested in' is following the choice and consent practice known as?

    Opt-out

    Study Notes

    Data Security Concepts

    • Data Loss Prevention (DLP): Software designed to protect confidentiality by blocking sensitive information from being transmitted without authorization.
    • Digital Watermark: Embedded within documents to show ownership of confidential information, ensuring traceability.
    • Information Rights Management (IRM): Controls access to confidential information based on rights management policies.

    Encryption and Data Protection

    • Encryption Types:
      • Symmetric encryption is faster than asymmetric encryption but does not provide non-repudiation.
      • Asymmetric encryption enables verification of the sender's identity through a digital signature.
    • Encryption Functionality:
      • Protects confidentiality of information during storage and transmission but not in processing.
      • Is deemed necessary for ensuring both confidentiality and privacy, but additional controls are also required.
    • Opt-in vs. Opt-out:
      • Opt-in requires explicit consent from customers before collecting personal information.
      • Opt-out means customers must indicate if they do not want their information shared.

    Confidentiality and Privacy

    • Confidentiality: Focuses on protecting an organization's sensitive information, including intellectual property and strategic plans.
    • Privacy: Aims to protect individuals’ personal information from unauthorized access or sharing.

    Digital Signatures and Hashing

    • A digital signature is created by hashing a document and then encrypting that hash with the signer's private key, providing authentication.
    • Hashing is irreversible, while encryption is reversible.

    Practical Data Handling and Protection

    • Data Masking: Replaces sensitive data with fictitious data for testing without exposing actual sensitive information.
    • Tokenization: Used to protect individual pieces of sensitive data, particularly personal information.
    • Training and Awareness: Organizations need to train employees on proper handling of sensitive information to maintain confidentiality.

    Additional Concepts

    • Cookies: Text files for information storage; they do not execute actions.
    • VPNs: Provide confidentiality when transmitting information over the Internet.
    • Digital Certificates: Contain public keys to verify entities in a digital transaction.

    Identity Theft Prevention

    • Strategies include regular monitoring of credit reports, shredding sensitive documents, and encrypting personal information in emails.

    Privacy Principles and Compliance

    • A violation of the Choice and Consent principle occurs when sensitive information is collected without the user's knowledge.
    • Strength of encryption relies on key management, the algorithm used, and key length.

    Key Definitions

    • Employee Training: Essential for the preservation of confidentiality of sensitive information.
    • Symmetric Encryption System: Uses the same key for both encryption and decryption of data, simplifying the process but requiring secure key management.


    Description

    Test your knowledge on the key concepts from Chapter 9 of AIS. This quiz focuses on software and technologies that protect sensitive information, including Data Loss Prevention and Information Rights Management. Challenge yourself with these flashcards to reinforce your understanding of confidentiality in information systems.
