Chapter 14 Confidentiality

avoid disclosing info to anyone not authorized to use it
public comm. & outsourcing of info services make this more difficult

Business info disclosure damaging to the organization: level of confidentiality based on value of the info.
Personal info about employees & customers: legal concerns too.

physical media (tape, CDs, printouts) need physical security level labels

only authorized users utilizing authorized SW over authorized comm. should be allowed to utilize the info.

secure storage: filesystem security for online storage, but encryption needed for removable or stolen media, or an intruded system.

secure comm.: point-to-point network physically secured
VPN: user authenticated & encryption over Internet. extranet

secure disposal: multiple generations of data recoverable from media (remanence)
object reuse: no previous data obtainable. write over several times with different bit patterns
magnetic media: destroyed, degaussed
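
Added example (not part of the original notes): the "write over several times with different bit patterns" step applied to a single file, with read-back verification of each fixed pattern before deletion. The pass sequence and the function names are assumptions chosen for illustration.

```python
import os
import tempfile

# Assumed pass sequence (not from the notes): each pattern, its complement, then random.
PASSES = (b"\x00", b"\xff", b"\xaa", b"\x55", None)  # None = random bytes
CHUNK = 64 * 1024


def _is_uniform(f, size, pattern):
    """Read the file back and confirm every byte equals the 1-byte pattern."""
    f.seek(0)
    remaining = size
    while remaining:
        block = f.read(min(CHUNK, remaining))
        if not block or block.count(pattern) != len(block):
            return False
        remaining -= len(block)
    return True


def overwrite_file(path, passes=PASSES):
    """Overwrite all bytes of `path` once per pass; return how many fixed passes verified."""
    size = os.path.getsize(path)
    verified = 0
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass to the device before the next
            if pattern is not None and _is_uniform(f, size, pattern):
                verified += 1
    return verified


def demo():
    """Constructed sample: sanitize a temp file, then check nothing of it remains."""
    secret = b"company secret: constructed sample record\n" * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    verified = overwrite_file(path)
    with open(path, "rb") as f:
        leftover = f.read()
    os.remove(path)  # delete only after the contents are overwritten
    return verified, len(leftover) == len(secret), secret[:14] in leftover
```

In-place overwriting only reaches the blocks the filesystem currently maps to the file; on flash media with wear leveling, or on journaling and copy-on-write filesystems, earlier copies can survive, so whole-media sanitization or destruction is still needed there.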

Confidentiality/sensitivity classifications:
company secret: restricted distribution. grave impact. protected at all times.
company confidential: limited distribution. significant impact. kept in secure area.
company proprietary: moderate impact. adequately protected outside secure area.
internal use only: limited impact. soon to be public
private: not business activity-related. legally needs to be confidential.