AISB223 Chapter 12: Confidentiality and Privacy Controls

Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of sensitive information?

After the information that needs to be protected has been identified, what step should be completed next?

Which type of software blocks outgoing messages containing key words or phrases associated with an organization's sensitive data?

Which type of software provides an additional layer of protection to sensitive information that is stored in digital format, offering the capability not only to limit access to specific files or documents but also to specify the actions that individuals who are granted access to that resource can perform?

The Bear Corporation uses a tool that embeds a code into all of its digital documents. It then scours the internet, searching for codes that it has embedded into its files. When Bear finds an embedded code on the internet, it knows that confidential information has been leaked. Bear then begins identifying how the information was leaked and who was involved with the leak. Bear is using

Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?

A client approached Paxton Uffe and said, "Paxton, I need for my customers to make payments online using credit cards, but I want to make sure that the credit card data isn't intercepted. What do you suggest?" Paxton responded, "The most effective solution is to implement

Abbie Johnson is a programmer at Healtheast network. Abbie has recently developed a new computer program for Healtheast. As part of the testing process, Abbie needs to use realistic patients' data to ensure that the system is working properly. To protect privacy, management at Healtheast uses a program that replaces private patient information with fake values before sending the data to Abbie for testing. The program that replaces patient information with fake values is called

If an organization asks you to disclose your social security number, but fails to tell you about its privacy policies and practices, the organization has likely violated which of the Generally Accepted Privacy Principles?

If an organization asks you to disclose your date of birth and your address, but refuses to let you review or correct the information you provided, the organization has likely violated which of the Generally Accepted Privacy Principles?