
CHAPTER 9

INFORMATION SYSTEMS CONTROLS FOR SYSTEMS RELIABILITY - PART 2:
CONFIDENTIALITY, PRIVACY, PROCESSING INTEGRITY, AND AVAILABILITY
Learning Objectives:
1. Identify and explain controls designed to protect the
confidentiality of sensitive information.
2. Identify and explain controls designed to protect the privacy of
customers' personal information.
3. Explain how the two basic types of encryption systems work.

Confidentiality
Reliable systems protect confidential information from
unauthorized disclosure.
Types of information that need to be protected include
business plans, pricing strategies, client and customer lists, and
legal documents.
Encryption is a fundamental control procedure for protecting the
confidentiality of sensitive information.
It is easy to intercept information sent over the Internet.
Encryption solves this problem.
Encrypting information before sending it over the Internet creates
what is called a Virtual Private Network (VPN).
It is especially important to encrypt any sensitive information
stored in laptops, personal digital assistants (PDAs), cell
phones, and other portable devices.
It is also important to control access to system outputs.
Useful control procedures for doing so include the
following:
1. Do not allow visitors to roam through buildings
without supervision, to prevent them from seeing
sensitive information on workstation displays or
picking up and reading printed reports.
2. Require employees to log out of any applications prior
to leaving their workstation unattended.
3. Restrict access to rooms housing printers and fax
machines.
4. Code reports to reflect the importance of the
information contained therein, and train employees to
not leave reports containing sensitive information in
plain view on their desktops when they are not
physically present.

Page 1 of 9
It is especially important to control the disposal of information
resources. Printed reports and microfilm containing sensitive
information should be shredded before being thrown out. Special
procedures are needed to destroy information stored on magnetic
and optical media. Built-in operating system commands to delete
that information are insufficient, because many utility programs
have been developed to recover deleted files.
Proper disposal of computer media requires use of special software
designed to wipe the media clean by repeatedly overwriting the
disk with random patterns of data.
Incorporation of digital cameras in cell phones makes it possible
for visitors to surreptitiously capture confidential information.
So, many organizations now prohibit visitors from using cell
phones.
Employee use of e-mail and instant messaging (IM) probably
represents two of the greatest threats to the confidentiality of
sensitive information.

Privacy
The Trust Services Framework privacy principle is closely related
to the confidentiality principle, differing primarily in that it
focuses on protecting personal information about customers rather
than organizational data.
Ten internationally recognized best practices for protecting the
privacy of customers' personal information:
1. Management. The organization establishes a set of procedures
and policies for protecting the privacy of personal
information it collects and assigns responsibility and
accountability for those policies to a specific person or
group of employees.
2. Notice. The organization provides notice about its privacy
policies and practices at or before the time it collects
personal information from customers, or as soon as
practicable thereafter.
3. Choice and Consent. The organization describes the choices
available to individuals and obtains their consent to the
collection and use of their personal information.
4. Collection. The organization collects only that information
needed to fulfill the purposes stated in its privacy
policies.


5. Use and Retention. The organization uses its customers'
personal information only in the manner described in its
stated privacy policies and retains that information only
as long as it is needed.
6. Access. The organization provides individuals with the
ability to access, review, correct, and delete the
personal information stored about them.
7. Disclosure to Third Parties. The organization discloses
customers' personal information only as described in its
stated privacy policies and only to third parties who
provide equivalent protection of that information.
8. Security. The organization takes reasonable steps to protect
customers' personal information from loss or unauthorized
disclosure.
9. Quality. The organization maintains the integrity of its
customers' personal information.
10. Monitoring and Enforcement. The organization assigns one
or more employees to be responsible for assuring
compliance with its stated privacy policies and
periodically verifies compliance with those policies.
As in the case for confidential information, encryption and access
controls are the two basic mechanisms for protecting consumers'
personal information.
Organizations should also consider encrypting customers' personal
information in storage.
A California law requires any business with customers in
that state to personally notify every customer following a
security incident involving access to the databases
containing customers' personal information.
However, this law can be waived if the information was
encrypted while in storage.
Organizations also need to train employees on how to manage
personal information collected from customers.
An incident involving the unauthorized disclosure of customers'
personal information can be costly. For example, Spain levies
fines up to $600,000 per privacy violation and France imposes jail
sentences up to three years.
A cookie is a text file created by a Web site and stored on a
visitor's hard disk. Cookies store information about what the user
has done on the site.
It is important to note that cookies are text files, which
means that they cannot do anything besides store
information.


Another concern involves the ever-increasing amount of spam.
Not only does spam reduce the efficiency benefits of e-mail but it
is also a source of many viruses, worms, spyware programs, and
other types of malware.
Organizations that send commercial e-mail must follow CAN-SPAM's
guidelines or risk sanctions. Key provisions include the following:
1. The sender's identity must be clearly displayed in the
header of the message.
2. The subject field in the header must clearly identify the
message as an advertisement or solicitation.
3. The body of the message must provide recipients with a
working link that can be used to opt out of future e-mail.
4. The body of the message must include the sender's valid
postal address.
5. Organizations should not send commercial e-mail to randomly
generated addresses, nor should they set up Web sites
designed to harvest e-mail addresses of potential
customers.
FOCUS 9-1 on page 256 provides steps in protecting yourself from
identity theft:
1. Shred all documents that contain personal information,
especially unsolicited credit card offers.
2. Never send personally identifying information in
unencrypted e-mail.
3. Beware of e-mail, telephone, and print requests to verify
personal information that the requesting party should
already possess.
4. Do not carry your Social Security card with you.
5. Print only your initials and last name, rather than your
full name, on checks. This prevents a thief from knowing
how you sign your name.
6. Limit the amount of other information (address and phone
number) preprinted on checks, and consider totally
eliminating such information.
7. Do not place outgoing mail containing checks or personal
information in your mailbox for pickup.
8. Do not carry more than a few blank checks with you.
9. Use special software to thoroughly clean any digital media
prior to disposal, or physically destroy the media.
10. Monitor your credit reports regularly.
11. File a police report as soon as you discover that your
purse or wallet was stolen.
12. Make photocopies of drivers' licenses, passports, and
credit cards.
13. Immediately cancel any stolen or lost credit cards.

Encryption
Encryption is the final layer of preventive controls.
Encryption is the process of transforming normal text,
called plaintext, into unreadable gibberish, called
ciphertext.
The term cipher is sometimes used as a synonym for
ciphertext. In turn, a secret code is the same as a cipher.
Decryption reverses this process, transforming ciphertext
back into plaintext.
Figure 9-1 on page 258 shows that both a key and an
algorithm are used to encrypt plaintext into ciphertext and
to decrypt the ciphertext back into plaintext.
The key is also a string of binary digits of a fixed length.
Each binary digit (bit) has a value of either 1 or 0. A binary
number is written in successive powers of 2, rather than powers of
10 as in decimal. Thus the binary number 1101 means (from right to
left):

  2^0:  1 x 1 = 1
  2^1:  0 x 2 = 0
  2^2:  1 x 4 = 4
  2^3:  1 x 8 = 8

Thus 1101₂ = 1 + 0 + 4 + 8 = 13₁₀.


The following is a Binary Number, Decimal, and Hexadecimal
table. Hexadecimal is often used because it's simpler and
takes less space.

Binary    Decimal      Hexadecimal
Number    Equivalent   Equivalent
0001       1            1
0010       2            2
0011       3            3
0100       4            4
0101       5            5
0110       6            6
0111       7            7
1000       8            8
1001       9            9
1010      10            A
1011      11            B
1100      12            C
1101      13            D
1110      14            E
1111      15            F

The following Web site provides conversion between binary, decimal
and hexadecimal: http://www.easycalculation.com/binaryconverter.php
Note: Bits are combined in groups of eight bits called bytes.
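The conversion method above, carried out in code as an added example (this is not part of the notes or the textbook): the right-to-left powers-of-2 method applied to any bit string, conversion to hexadecimal one nibble (4 bits) at a time, and the 1 to 15 table regenerated from those two functions. The function names and the sample byte 11010101 are my own choices; only Go's standard library is used.

```go
package main

import (
	"fmt"
	"strings"
)

// BinaryToDecimal applies the right-to-left method from the notes: the
// rightmost bit is worth 2^0, the next 2^1, and so on, and the values of
// the 1 bits are added up. Any character other than 0 or 1 is an error.
func BinaryToDecimal(bits string) (int, error) {
	total, weight := 0, 1 // weight starts at 2^0 for the rightmost bit
	for i := len(bits) - 1; i >= 0; i-- {
		switch bits[i] {
		case '1':
			total += weight
		case '0':
			// a 0 bit contributes nothing
		default:
			return 0, fmt.Errorf("not a binary digit: %q", bits[i])
		}
		weight *= 2
	}
	return total, nil
}

// BinaryToHex converts a bit string one nibble (4 bits) at a time, padding
// with leading zeros. Each nibble maps to a single hex digit, which is why a
// byte (8 bits) is written as two hex digits and hex takes less space.
func BinaryToHex(bits string) (string, error) {
	const digits = "0123456789ABCDEF"
	for len(bits)%4 != 0 {
		bits = "0" + bits
	}
	var out strings.Builder
	for i := 0; i < len(bits); i += 4 {
		v, err := BinaryToDecimal(bits[i : i+4])
		if err != nil {
			return "", err
		}
		out.WriteByte(digits[v])
	}
	return out.String(), nil
}

// ConversionTable rebuilds the binary / decimal / hexadecimal table for 1..15.
func ConversionTable() []string {
	rows := []string{"Binary  Decimal  Hex"}
	for n := 1; n <= 15; n++ {
		bits := fmt.Sprintf("%04b", n)
		dec, _ := BinaryToDecimal(bits)
		hex, _ := BinaryToHex(bits)
		rows = append(rows, fmt.Sprintf("%s    %2d       %s", bits, dec, hex))
	}
	return rows
}

func main() {
	for _, row := range ConversionTable() {
		fmt.Println(row)
	}
	// One full byte (constructed sample): 128 + 64 + 16 + 4 + 1 = 213 = D5 hex.
	dec, _ := BinaryToDecimal("11010101")
	hex, _ := BinaryToHex("11010101")
	fmt.Printf("one byte 11010101 = %d decimal = %s hex\n", dec, hex)
}
```

Running it with `go run` prints the table followed by the single-byte line; the error return is what you want when the input comes from somewhere untrusted, since "1021" is silently wrong if treated as binary.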
Encryption Strength
Three important factors determine the strength of any
encryption system:
1. Key length
Longer keys provide stronger encryption by reducing the
number of repeating blocks of ciphertext. This makes it
harder to spot patterns in the ciphertext that reflect
patterns in the original plaintext. The English binary 8-bit
code can be found at the following Web site:
http://www.tekmom.com/buzzwords/binaryalphabet.html


2. Key management policies
The procedures used to store and manage the encryption
keys are also important.
COBIT control objective DS 5.8 identifies important
control objectives related to the management of
cryptographic keys. A cryptographic key is a piece of
information (a parameter) that controls the operation of
a cryptographic algorithm.
Key management is often the most vulnerable aspect of
encryption systems.
Cryptography strictly applies to translating messages
into cipher or code. The science of breaking codes and
ciphers without a key is called cryptanalysis. Cryptology
is the science that embraces both cryptography and
cryptanalysis.
Access to encryption keys must be tightly controlled.
A second best alternative is a process called key escrow,
which involves making copies of all encryption keys used
by employees and storing those copies securely.
3. Nature of encryption algorithm
A third factor affecting encryption strength concerns the
nature of the algorithm.

Types of Encryption Systems
There are two basic types of encryption systems:
1. Symmetric Encryption: systems that use the same key
both to encrypt and to decrypt.
Symmetric encryption has the following three problems:
a. Both parties (sender and receiver) need to know
the shared secret key.
b. Separate secret keys need to be created for use
with each different party with whom encryption
is going to be used.
c. Both parties using symmetric encryption must
know the same secret key; there is no way to
prove who created a specific document.
2. Asymmetric Encryption: systems that use two keys.
One key, called the public key, is widely
distributed and available to everyone. The other
key, called the private key, is kept secret and
known only to the owner of that pair of keys.


Hashing
Hashing is a process that takes plaintext of any length and
transforms it into a short code called a hash.
For example, the SHA-256 algorithm creates a 256-bit hash.
Table 9-1 on page 260 provides a comparison of encryption
and hashing.

Digital Signatures
Asymmetric encryption and hashing are used to create digital
signatures.
A digital signature is information encrypted with the
creator's private key.
This encrypted information can only be decrypted using
the corresponding public key.
Using a hash of the original plaintext to create a digital
signature not only is efficient but also provides a means
for establishing that the message decrypted by the recipient
is exactly the same as the message created by the sender.

Digital Certificates and Public Key Infrastructure
A digital certificate is an electronic document, created and
digitally signed by a trusted third party, that certifies the
identity of the owner of a particular public key.
The term Public Key Infrastructure (PKI) refers to the
system and processes used to issue and manage asymmetric
keys and digital certificates.
The organization that issues public and private keys and
records the public key in a digital certificate is called a
certificate authority.
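An added example, not from the textbook, of what a certificate authority does and what a relying party checks, written in Go against the standard library's crypto/x509 package. A constructed trusted CA and a constructed untrusted CA each certify the same Northwest Industries public key; only the certificate signed by the CA that sits in the relying party's trusted root set verifies. The function names, certificate names and key type (ECDSA P-256) are my own choices.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a certificate binding cn to subjectPub and signs it. With
// parent == nil it is self-signed (a root CA); otherwise the parent CA's
// private key signs it, which is the certificate authority's job.
func issue(cn string, serial int64, isCA bool, subjectPub *ecdsa.PublicKey,
	parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // a CA key may sign other certificates
	}
	if parent == nil {
		parent = tmpl // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subjectPub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify is the relying party's check: does this certificate chain to a root
// I trust? Only the supplied root is trusted, not the operating system store.
func verify(leaf, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only if the OS randomness source is unusable
	}
	return k
}

// RunPKIScenario has a trusted CA and an untrusted CA each certify the same
// Northwest Industries public key, then verifies both certificates against
// the trusted root. It returns whether the trusted-CA certificate verified
// and whether the untrusted-CA certificate was rejected.
func RunPKIScenario() (bool, bool, error) {
	caKey, rogueKey, nwKey := newKey(), newKey(), newKey()
	caCert, err := issue("Trusted CA (constructed)", 1, true, &caKey.PublicKey, nil, caKey)
	if err != nil {
		return false, false, err
	}
	rogueCert, err := issue("Untrusted CA (constructed)", 2, true, &rogueKey.PublicKey, nil, rogueKey)
	if err != nil {
		return false, false, err
	}
	good, err := issue("Northwest Industries", 100, false, &nwKey.PublicKey, caCert, caKey)
	if err != nil {
		return false, false, err
	}
	bad, err := issue("Northwest Industries", 101, false, &nwKey.PublicKey, rogueCert, rogueKey)
	if err != nil {
		return false, false, err
	}
	return verify(good, caCert) == nil, verify(bad, caCert) != nil, nil
}

func main() {
	ok, rejected, err := RunPKIScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("trusted CA certificate verified: %v\nuntrusted CA certificate rejected: %v\n", ok, rejected)
}
```

The point the scenario makes is that a certificate proves nothing by itself: both certificates carry the same subject name and the same public key, and the only thing that separates them is whose signature the relying party has chosen to trust.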
Illustrative Example: The Role of Encryption and Hashing in
E-Business
Figure 9-3 on page 263 provides this example.
Step 1: A Northwest Industries employee connects to
the government agency's Web site and clicks on the
button for submitting bids on open contracts.
Step 2: The employee clicks a button to attach and
submit the company's bid.
The encryption software performs the following
actions:
a. Uses a hashing algorithm, such as MD5, to
create a hash of the bid.
b. Encrypts the hash using Northwest Industries'
private key. This creates a digital signature
for the bid.
c. Encrypts the bid using the AES symmetric key
algorithm.
d. Uses the government agency's public key to
encrypt the AES key used in step c.
Step 3: The encrypted bid, the AES key needed to
decrypt the bid, and Northwest Industries' digital
signature are all sent over the Internet to the
government agency.
Step 4: The government agency's computer receives the
package of information and performs the following
steps:
a. Uses Northwest Industries' public key to
decrypt the digital signature. This produces a
hash of the original bid.
b. Uses its private key to decrypt the AES key
sent by Northwest Industries.
c. Uses the AES key to decrypt the encrypted bid.
This produces a plaintext version of Northwest
Industries' bid.
d. Uses the same hashing algorithm used by
Northwest Industries to hash the plaintext
copy of the bid.
e. Compares the hash to that produced in step
4(a). If the two match, the government agency
knows that (1) the copy of the bid it recreated
was created by Northwest Industries and (2) the
bid has not been altered or garbled during
transmission.
Step 5: The agency sends Northwest Industries an
acknowledgement that its bid has been received.
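The exchange above, Steps 2 and 4 in particular, carried out in Go with the standard library as an added example (this is not the textbook's code or any vendor's software). It also illustrates the Hashing and Digital Signatures sections: the signature is a SHA-256 hash signed with the sender's private key, and the AES key travels encrypted under the agency's public key. Two substitutions relative to the text, both my own: SHA-256 replaces the MD5 named in step 2(a), since MD5 is no longer fit for signatures, and AES runs in GCM mode, so a ciphertext altered in transit is already rejected at step 4(c) instead of first showing up as a hash mismatch at step 4(e). The bid text, the 2048-bit key size and the function names are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Package struct { // what travels over the Internet in Step 3
	Ciphertext   []byte // bid encrypted with AES-256-GCM (includes the auth tag)
	Nonce        []byte // GCM nonce; must never repeat under the same key
	EncryptedKey []byte // the AES key, encrypted with the agency's RSA public key
	Signature    []byte // hash of the bid signed with Northwest's RSA private key
}

// must panics on infrastructure failures (key generation, OS randomness).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBid is Step 2 (sender): hash, sign the hash, encrypt the bid, encrypt the key.
func SealBid(bid []byte, senderPriv *rsa.PrivateKey, agencyPub *rsa.PublicKey) (*Package, error) {
	digest := sha256.Sum256(bid) // 2(a); SHA-256 stands in for the MD5 named in the text
	sig, err := rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:]) // 2(b)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // 2(c): fresh 256-bit AES key followed by a 96-bit GCM nonce
	must(rand.Read(buf))
	aesKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, bid, nil)
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, agencyPub, aesKey, nil) // 2(d)
	if err != nil {
		return nil, err
	}
	return &Package{Ciphertext: ct, Nonce: nonce, EncryptedKey: encKey, Signature: sig}, nil
}

// OpenBid is Step 4 (agency): recover the AES key, decrypt, re-hash, check the signature.
func OpenBid(p *Package, agencyPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, agencyPriv, p.EncryptedKey, nil) // 4(b)
	if err != nil {
		return nil, fmt.Errorf("step 4(b) key decryption: %w", err)
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	bid, err := gcm.Open(nil, p.Nonce, p.Ciphertext, nil) // 4(c); GCM rejects altered ciphertext here
	if err != nil {
		return nil, fmt.Errorf("step 4(c) bid decryption: %w", err)
	}
	// 4(a),(d),(e): Verify recovers the hash from the signature with the sender's
	// public key and compares it with a fresh hash of the decrypted bid.
	digest := sha256.Sum256(bid)
	if err := rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], p.Signature); err != nil {
		return nil, fmt.Errorf("step 4(e): hash mismatch, bid altered or not signed by sender")
	}
	return bid, nil
}

// Demo runs the exchange end to end, then replays it with one byte of the signature
// corrupted in transit. Returns the recovered bid and whether the corrupted one was rejected.
func Demo() (string, bool) {
	senderKey := must(rsa.GenerateKey(rand.Reader, 2048))
	agencyKey := must(rsa.GenerateKey(rand.Reader, 2048))
	bid := []byte("Northwest Industries bid: 1,250,000 USD for contract 42 (constructed)")
	pkg := must(SealBid(bid, senderKey, &agencyKey.PublicKey))
	plain := must(OpenBid(pkg, agencyKey, &senderKey.PublicKey))
	forged := *pkg
	forged.Signature = append([]byte(nil), pkg.Signature...)
	forged.Signature[0] ^= 0xff
	_, tamperErr := OpenBid(&forged, agencyKey, &senderKey.PublicKey)
	return string(plain), tamperErr != nil
}

func main() {
	fmt.Println(Demo())
}
```

`go run` prints the recovered bid followed by `true`. Note which key does which job: the sender's private key signs and the agency's public key encrypts the session key, so the agency needs Northwest Industries' public key (in practice obtained from a digital certificate, see the PKI section) and nothing else to check who sent the bid, while only the agency's private key can recover the AES key.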

Effects of Encryption on Other Layers of Defense
Digital signatures use asymmetric encryption to create legally
binding electronic documents. Web-based e-signatures are an
alternative mechanism for accomplishing the same objective. An
e-signature is a cursive-style imprint of a person's name that is
applied to an electronic document.
