Maintaining Confidentiality and Data Security
Confidentiality is important in data security. Everyday, we are deluged with services in return for our private information such as social security number, birthdates, full name. These are often required in most transactions, and being able to divulge these private data entail a great degree of confidence on our part.
We need to be assured that our personal data will remain just that, private. Any kind of information, whether private of just plain sensitive, can not and should not be disclosed to the public or other third party organizations without the expressed consent of the subject of interest.
Maintaining a full degree of confidentiality of data entails not volunteering information, whether specifically asked or not, and to anyone, regardless of within or outside the affected organization. Mark all documents and portable storage devices with the words CONFIDENTIAL. Make sure passwords are unhackable. Change passwords as needed to keep third party hackers guessing. Log out of your computer when you are not in the office. Sharing of computer workstations should be highly discouraged. Secure print outs from plain view, and dispose of vital documents appropriately.
Share information only with people who are authorized and are on a need to know basis. A breach in confidentiality entails information which may have been accessed by unauthorized people.
Information that is authentic entails integrity, ensuring reliability and accuracy of the data. Integrity represents one of the primary indicators of security. The less duplicates of a data exists, the less likely the data is compromised by modification.
Although new technology has been developed to store and transfer electronic data, it is still under threat of potential hackers who access sensitive data without authorization. Protection of data must be of utmost priority within any organization.
Effective risk management must be kept in place, it is neither goal oriented nor time limited. Instead it is an ongoing process as technological measures rapidly change with each new day. Threat assessments must be made periodically. Assess the vulnerability of your data and calculate the intensity of impact it would have on the organization as a whole. Appropriate controls should be kept in place and provide proportionate threat response. Then evaluate the affectivity of your control measure in place.
The most important part of maintaining confidentiality is to identify the value of your data and security of classification. All data have varying degrees of importance, thus requiring the appropriate degree of protection, offering instead to prioritize security measures on the most sensitive data.