
Confidentiality refers to keeping data or information secret and allowing only authorised people to
access the information. The same information can be confidential for some individuals and
non-confidential for another set of individuals.

The following data generally come under the confidential category:
•    Medical history or records
•    Date of birth
•    Contact details
•    Income status
•    Itinerary, celebration photographs of family or friends

It is unethical to publicise information or data which is meant to be confidential. If an individual is part
of an information group whose login and password details are to be kept within a specific set of people
only, then one should avoid leaking that information to others who are outside the group. For example,
if an organisation of fifteen people shares a single user id and password for accessing the Internet through
Wi-Fi/broadband, then passing on the details to a sixteenth person without the knowledge of the rest of
the team would be considered a breach of confidentiality.

                  Approaches to Protect Confidentiality of Information

                  To protect sensitive data and ensure its confidentiality, it is essential to implement various best practices.
                  These practices reduce the risk of unauthorised access and potential breaches:

•    Access Control Measures: Use strong passwords and multi-factor authentication (MFA) for added
     security. Apply the least privilege principle, granting access only to authorised individuals. Regularly
     update user permissions and implement role-based access controls (RBAC) to limit data access
     based on job roles.

•    Data Encryption: Encrypt sensitive files, emails, and communication using SSL/TLS and AES. Ensure
     end-to-end encryption for secure data transfer and storage.

•    Firewall Protection: Use firewalls to block unauthorised access and prevent external attacks.
     Regularly update firewall settings to keep pace with emerging security threats. Employ both hardware
     and software firewalls for added protection.

•    Secure Data Storage and Disposal: Store confidential data in encrypted locations, both physically
     and digitally. Securely shred physical documents and wipe digital data before disposal to avoid
     leaks.

•    Confidentiality Agreements: Implement Non-Disclosure Agreements (NDAs) for employees,
     contractors, and third parties handling sensitive data. Ensure confidentiality policies are clearly
     defined in employment contracts and service agreements.

•    Secure Communication Practices: Use encrypted email services and secure messaging platforms to
     communicate confidential information. For remote access, always use a VPN to protect data in transit.

•    Email Handling Best Practices: Avoid opening email attachments or clicking on links from
     unknown sources. Verify the authenticity of senders before responding to confidential requests.
     Implement spam filters to minimise phishing risks. Regularly update email security settings to
     prevent unauthorised access.
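
The access control practice above (least privilege, role-based access and regular permission reviews) can be sketched in code. This is an added example, not part of the original text; the role names, user names and sample requests are constructed for illustration, and the record categories come from the list of confidential data above.

```python
# Added example: role-based access control (RBAC) with deny-by-default.
# Each role is granted only the record categories its job needs (least privilege).
ROLE_PERMISSIONS = {
    "doctor": {"medical_history", "date_of_birth", "contact_details"},
    "receptionist": {"contact_details", "date_of_birth"},
    "accountant": {"income_status", "contact_details"},
}
# Constructed users; each one gets roles, never direct permissions.
USER_ROLES = {"asha": {"doctor"}, "ravi": {"receptionist"}, "meena": {"accountant"}}


def allowed_categories(user):
    """Return every category the user's roles grant; unknown users get nothing."""
    granted = set()
    for role in USER_ROLES.get(user, set()):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def can_access(user, category):
    """Deny by default: access needs an explicit grant through a role."""
    return category in allowed_categories(user)


def replay(requests):
    """Evaluate (user, category) requests and return a log of decisions."""
    return [(user, cat, can_access(user, cat)) for user, cat in requests]


def unused_grants(access_log):
    """Permission review: list grants nobody exercised, as candidates for removal."""
    used = {(user, cat) for user, cat, ok in access_log if ok}
    return {
        user: sorted(c for c in allowed_categories(user) if (user, c) not in used)
        for user in USER_ROLES
    }


# Constructed sample requests; "guest" stands for a person outside the group.
SAMPLE_REQUESTS = [
    ("asha", "medical_history"), ("ravi", "medical_history"),
    ("ravi", "contact_details"), ("meena", "income_status"),
    ("guest", "contact_details"),
]

if __name__ == "__main__":
    log = replay(SAMPLE_REQUESTS)
    for entry in log:
        print(entry)
    print(unused_grants(log))
```

The receptionist's request for medical history and the outsider's request are both refused because no role grants them, and the review step shows which grants could be withdrawn when permissions are next updated.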


                   62    Touchpad Computer Applications (Ver. 2.0)-IX