Professional Documents
Culture Documents
Topics 12 Privacy and Information Security
Topics 12 Privacy and Information Security
Employee Privacy
1
8/8/2019
Topic 1:
Introduction of Cyber Security
Privacy
Privacy is the ability of an individual or group to separate themselves, or
information about themselves, and thereby express themselves selectively.
The boundaries and content of what is considered private differ among
cultures and individuals.
Privacy aspect
Right to be let alone
Limited access
Control over information
States of privacy
Secrecy
Personhood and autonomy
Self-identity and personal growth
2
8/8/2019
3
8/8/2019
Cyber Security
Cyber security is concerned with protecting digital assets
4
8/8/2019
Confidentiality
Confidentiality is the protection of information from unauthorized access or disclosure
Example of information required higher degree of confidentiality
Personal
Financial
Medical record
Impact and potential consequence
Disclosure of information protected by legal requirements
Loss of public confidence
Loss of competitive advantage
Legal action against the entity
Interference with national security
Integrity
Integrity is the protection of information from the unauthorized modification
Example;
If a bank transfers BDT 10,000 to another financial institution, it is important that
the amount does not change to BDT 10,100 during the exchange
Impact and potential consequence
Inaccuracy
Erroneous decisions
Fraud
5
8/8/2019
Availability
Availability ensures the timely and relievable access to and use of information &
systems
This would include safeguards to make sure data are not accidentally or maliciously
deleted
Impact and potential consequence
Loss of functionality and operational effectiveness
Loss of productive time
Interference with enterprise’s Objective
Information Policy
6
8/8/2019
Information Policy
Information policy is the set of all
public laws,
regulations and
policies
that
encourage,
discourage, or
regulate
the
creation,
use,
storage,
access, and
communication and
dissemination
of information.
Information policy will mark the boundaries needed to evaluate certain issues
dealing with the creation, processing, exchange, access, and use of information
for avoiding risks (financial losses from incomplete and uncoordinated exploitation of
information, wasted time, failures of innovation, and reputation loss);
for positive benefits, including negotiation and openness among those responsible for
different aspects of information management
productive use of IT in supporting staff in their use of information
ability to initiate change to take advantage of changing environments