Shared Flashcard Set

Details

ACC 444 Ch 9
ACC 444, Exam 2 Ch 9
34
Accounting
Undergraduate 3
03/06/2012


Cards

Term
Confidentiality
Definition
Sensitive org info (marketing plans, trade secrets) is protected from unauthorized disclosure

Focus: Protect ORG data

*Merger & Acquisition Plans
Term
Privacy
Definition
Personal info about customers is collected, used, disclosed and protected from unauthorized disclosure

Focus: CUST personal info
Term
Intellectual Property (IP) - 5 items that must be secured & preserved
Definition
1. Strategic Plans
2. Trade Secrets
3. Cost Info
4. Legal docs
5. Process Improvements
Term
4 Steps to Secure IP/Preserve Confidentiality
Definition
1. Identify and classify the info to be protected
2. Encrypt sensitive info
3. Control access to sensitive info
4. Training

** These 4 steps are the same for Confidentiality & Privacy
Term
Data Masking
Definition
Used to protect the privacy of a customer's personal info while giving programmers a realistic data set with which to test a new app
Term
Training - Most **

This teaches emps to:
Definition
-Protect confidential data
-Encrypt SW
-Always log out of apps
-Code reports
-Leave reports on desk
-Do not "reply all"
-Not disclose info at conferences
Term
2 Privacy Concerns:
Definition
1. SPAM: Unsolicited email that contains advertising or offensive content
2. Identity Theft: Unauthorized use of someone's personal info for the perpetrator's benefit
Term
Privacy Regulatory Act - HIPAA
Definition
Health Insurance Portability & Accountability Act
Term
Privacy Regulatory Act - HITECH
Definition
Health Info Tech for Economic & Clinical Health Act
Term
Privacy Regulatory Act - FSMA
Definition
Financial Services Modernization Act

aka Gramm-Leach-Bliley Act
Term
3 Privacy Regulatory Acts
Definition
HIPAA, HITECH, FSMA

All 3 impose specific requirements on orgs to protect the privacy of cust personal info
Term
10 Internationally Recognized Best Practices for protecting the PRIVACY of cust' personal info:

GAAP
Definition
GAAP: Generally Accepted Privacy Principles

1. Management
2. Notice
3. Choice & Consent
4. Collection
5. Use & Retention
6. Access
7. Disclosure to 3rd Parties
8. Security
9. Quality
10. Monitor and Enforce
Term
GAAP 10- Management
Definition
Procedures & Policies
Assignment of responsibility

Idea that security is a MGMT issue, not a technical issue
Term
GAAP 10 - Notice
Definition
Give notice to customer of policies, and when info is collected
Term
GAAP 10 - Choice & Consent
Definition
Allow customers consent over info provided, stored

Opt-Out (US) vs. Opt-In
Term
GAAP 10 - Collection
Definition
Collect only what is necessary and stated in policy
Term
GAAP 10 - Use & Retention
Definition
Based on policy and only for as long as needed for the business

Create retention policies and ensure compliance with those policies
Term
GAAP 10 - Access
Definition
Customers should be capable of reviewing, editing, deleting info stored about them
Term
GAAP 10 - Disclosure to 3rd Parties
Definition
Based on policy & only if 3rd party has some privacy policy standard
Term
GAAP 10 - Security
Definition
Protection of personal info

P, D, C (preventive, detective, corrective) controls
Term
GAAP 10 - Quality
Definition
Allow cust review

Info needs to be reasonably accurate
Term
GAAP 10 - Monitor & Enforce
Definition
Ensure compliance w policy
Term
Encryption is a ____ Control
Definition
Preventive!
Term
Encryption: ___ -> ____

Decryption: ___ -> ____
Definition
Encryption: plaintext --> ciphertext
Decryption: ciphertext --> plaintext
Term
Encryption uses 2 things:

1.
2.
Definition
1. Key: string of binary digits of a fixed length

2. Algorithm: formula that combines the key & text
Term
Symmetric Encryption
Definition
2 identical keys

+ cheap, fast
- Scalability (have 500+ keys)

One key is used to both encrypt & decrypt.

B/c the key is shared by both parties, there is no way to prove who created and encrypted a doc.
Term
Asymmetric Encryption
Definition
One private key & one public key

Diff key used to encrypt than to decrypt

Public: widely distributed and available to everyone
Private: kept secret and known only to the owner of that pair of keys

+ Secure, only 2 keys
- Expensive, very slow
Term
Key Escrow - definition
Definition
Make copies of all encryption keys used by emps and store them securely
Term
Hashing

1. Def
2. One-way or reverse function?
3. Output size
Definition
1. Takes plaintext of any length and transforms it into short code called a hash

2. One-way Function - CANNOT REVERSE or 'unhash'

3. Any size input --> fixed same output (Always a fixed - SHORT length)
Term
Diff b/t Hashing & Encryption
Definition
Hashing - one way function (can NOT reverse)
Encryption - reversible (CAN decrypt back to plaintext)

Hashing - any size input --> same fixed short length output
Encryption - output size is approx same as input size
Term
Digital Sig

-Def
-Created using
-Provides proof
Definition
-Hash of a doc/file

-Created using signer's PRIVATE key

-Provides proof that the doc has NOT been altered & of the CREATOR of the doc
Term
Digital Certificate
Definition
Electronic doc that contains an entity's public key

Certifies the identity of the owner of that particular public key

Issued by Certificate Authority (proves digital certificate is genuine)
Term
A Digital Certificate is like a ____. Why?
Definition
Passport or Driver's License

B/c it is issued by a trusted indep party (gov't)

Employs holograms and watermarks to prove they are genuine
Term
VPN
Definition
Virtual Private Network

Encrypts info while it traverses the Internet

Prob: firewalls cannot examine packets that are encrypted