Confidentiality

(OBJ 1.2)

Refers to the protection of information from unauthorized access and disclosure
Used to ensure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes
Is about keeping information secret and safe from prying eyes while at the same time allowing authorized people to access that data that they need.

To protect personal privacy
- Personal data being share without consent is no good
To maintain a business advantage
- Keep informational confidential to maintain a competitive edge within the industry
To achieve regulatory compliance
- Protection of certain types of data:
  - PII (Personally Identifiable Information)
  - PHI (Protected Health Information)
  - Various types of financial data

Encryption
- Process of converting data into a code to prevent unauthorized access
  - Scrambled data is called "ciphertext"
Access Controls
- By setting up strong user permissions, you ensure that only authorized personnel can access certain types data
- Examples:
  - Create password-protected files
  - Secure access to a database by using credentials
Data Masking
- Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users
- Example:
  - The first 12 digit of the clients credit cards is masked so that it is inaccessible
Physical Security Measures
- Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations
- Example:
  - Lock our filing cabinets
  - Install biometric security locks on the server room door
  - Install security cameras to detect physical data breaches
Training and Awareness
- Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data.
- A way to avoid human error and negligence.