Define confidentiality – what I think it means – eg of technologies to guarantee confidentiality
CIA refers to the confidentiality, integrity and availability of an information system and is used as a yardstick for evaluating information systems security. CIA cannot be guaranteed in any organization; however, there are many ways in which it can be improved.
First of all, confidentiality with respect to information systems means that information is restricted or limited to only persons authorized to use it. Confidentiality of information is especially important to businesses that thrive on sensitive customer information, for example those that receive payments online and banks that store customers' financial and personal information. However, it is also a great concern to companies such as retailers and manufacturing companies, as they may depend on this information to a certain extent (e.g. to decide on effective marketing strategies and to gain a competitive advantage). Confidentiality of a business's information may be threatened in many ways. Persons may try to gain unauthorized access to a business's sensitive information for personal gain, e.g. identity theft and phishing. They may also attempt to steal secrets, such as a business's trade secrets and processes that give it a competitive advantage, and government agencies' top-secret information. Some technologies that can be used to increase the level of confidentiality are authentication methods that control access to certain information, such as password logins, single sign-on, and password updates and specifications.
Secondly, integrity in relation to information systems can be defined as keeping a business’s information free from accidental or intentional unauthorized changes (i.e. the information must be trustworthy). Integrity of information is of extreme importance for businesses such as hospitals and pharmacies, as the