CISSP – Confidentiality

Which of the following best represents the description – “seeks to prevent the unauthorized disclosure of information”?

So our choices for this question are:

Confidentiality

Integrity

Secret

Private

The answer is ……. Confidentiality.

Confidentiality

The purpose of confidentiality is to inhibit the unauthorized disclosure of information, which makes Disclosure an opposite of Confidentiality. The cybersecurity professional must keep data secret, so we need to keep unauthorized people and systems from accessing data they have no business seeing. Confidentiality is often associated with safeguarding PII, or Personally Identifiable Information. PII can take many forms, such as credit card information, a social security number, a driver's license number, or any other data that can personally identify an individual.

Data must be safeguarded such that only users who have clearance, formal approval, and the need to know can access it. Need to know is an interesting qualifier, as some users within an organization may have clearance for data but no real need to know. This happens frequently in top secret government locations. Without need to know, users are not allowed to see data they may have clearance to view.

Privacy is closely associated with Confidentiality. Numerous countries around the world have laws specifically geared to protecting the privacy of their citizens. The United States is not one of them. Instead, there is a piecemeal set of regulations such as HIPAA, Sarbanes–Oxley, and Gramm–Leach–Bliley that provide a rudimentary foundation for privacy. The Health Insurance Portability and Accountability Act (HIPAA) is specific to the medical field. It requires medical providers to keep the medical information of their patients private. To some extent it makes working with your provider more difficult, as you have to specifically indicate who they can talk to about your condition, including your spouse. Now for some, I can see where that could be an issue. (Think of a spouse that has something to hide, perhaps about certain of their activities.) For me, it is just a pain that I have to fill out more paperwork, but the intent is Safeguarding Confidentiality.