Page 65 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 65

door, misrouted faxes, documents left on printers, or even walking
               away from an access terminal while data is displayed on the monitor.

               Confidentiality violations can result from the actions of an end user or
               a system administrator. They can also occur because of an oversight in
               a security policy or a misconfigured security control.

               Numerous countermeasures can help ensure confidentiality against
               possible threats. These include encryption, network traffic padding,
               strict access control, rigorous authentication procedures, data

               classification, and extensive personnel training.
               Confidentiality and integrity depend on each other. Without object

               integrity (in other words, the inability of an object to be modified
               without permission), confidentiality cannot be maintained. Other
               concepts, conditions, and aspects of confidentiality include the
               following:

               Sensitivity Sensitivity refers to the quality of information, which
               could cause harm or damage if disclosed. Maintaining confidentiality

               of sensitive information helps to prevent harm or damage.

               Discretion Discretion is an act of decision where an operator can
               influence or control disclosure in order to minimize harm or damage.

               Criticality The level to which information is mission critical is its
               measure of criticality. The higher the level of criticality, the more
               likely the need to maintain the confidentiality of the information. High
               levels of criticality are essential to the operation or function of an

               organization.

               Concealment Concealment is the act of hiding or preventing
               disclosure. Often concealment is viewed as a means of cover,
               obfuscation, or distraction. A related concept to concealment is
               security through obscurity, which is the concept of attempting to gain
               protection through hiding, silence, or secrecy. While security through
               obscurity is typically not considered a valid security measure, it may

               still have value in some cases.

               Secrecy Secrecy is the act of keeping something a secret or
               preventing the disclosure of information.

               Privacy Privacy refers to keeping information confidential that is
   60   61   62   63   64   65   66   67   68   69   70