Confidentiality and Privacy Controls: Control and Audit of Accounting Information Systems
Confidentiality and Privacy Controls: Control and Audit of Accounting Information Systems
Confidentiality and Privacy Controls: Control and Audit of Accounting Information Systems
Chapter 9
4. TRAINING:
4. TRAINING:
• It is important for management to inform employees who will
attend external training courses, trade shows, or conferences
whether they can discuss such information or whether it should be
protected because it provides the company a cost savings or quality
improvement advantage over its competitors.
• Employees also need to be taught how to protect confidential data.
See P-276
In your
textbook
customers with a way to review the personal information stored by the organization
10. Monitoring and enforcement: an organization should assign one or more employees
to be responsible for ensuring compliance with its stated privacy policies. Organizations
must also periodically verify that their employees are complying with stated privacy
policies.
Copyright © 2015 Pearson Education, Inc.
31
Encryption
• To read ciphertext,
encryption key reverses
process to make
information readable
(receiver of message)
(1) KEY LENGTH Longer keys provide stronger encryption by reducing the
number of repeating blocks in the ciphertext. This makes it harder to spot patterns
in the ciphertext that reflect patterns in the original plaintext. For example, a 24-bit
key encrypts plaintext in blocks of 24 bits.
In English, 8 bits represent each letter. Thus, a 24-bit key encrypts English
plaintext in chunks of three letters. This makes it easy to use information about
relative word frequencies.
That’s why most encryption keys are at least 256 bits long (corresponding to 32
English letters), and are often 1,024 bits or longer.
Copyright © 2015 Pearson Education, Inc.
36
Encryption
FACTORS THAT INFLUENCE ENCRYPTION STRENGTH: