Confidentiality Privacy and Security Presentation
Confidentiality Privacy and Security Presentation
Click here to ORDER an A++ paper from our Verified MASTERS and DOCTORATE WRITERS: Confidentiality Privacy and Security Presentation
As Director of Health Information for a large health system, you have been tasked as a key leader in the selection and implementation of a Decision Support System for the organization. The CEO and Board of Directors has asked that you develop a plan to train staff on the value and purpose of the use of this technology.
Instructions
Part
Competency Assessed
Instructions
1
Develop educational programs for employees in privacy, security, and confidentiality.
Develop a PPT to be used for training new staff in the purpose and value of using informatics for decision support. The training should be specific to the ways that information should be used in decision making.
The PPT should include 15–20 slides, and a reference slide at the end with a minimum of 3 resources. Your textbook must be one of the references.
Confidentiality Protects Secrets
Confidentiality is one of the core concepts of cybersecurity. Simply put, confidentiality ensures that secret information is protected from unauthorized disclosure.
Protecting confidentiality is a responsibility shared between technologists and everyone else in the organization. Clearly, cybersecurity professionals and other IT staff bear the burden of ensuring that confidentiality controls are in place and functioning properly. However, it’s important to remember that everyone with access to sensitive information has a role to play in preserving the confidentiality of that data.
Most often, security breaches occur not as the result of a sophisticated technical failure but as the result of a mistake made by someone with authorized access to information.
As institutions work to achieve confidentiality goals, they may rely upon a wide variety of technical controls designed to prevent, detect and remediate confidentiality breaches. Many of these controls are designed to prevent breaches from occurring in the first place by restricting information access to authorized users.
For example, application access controls may limit the types of records that each user may see. Similarly, encryption technology protects sensitive information stored on systems or being transmitted over a network. Other controls seek to detect and remediate potential security breaches.
For example, data loss prevention systems monitor network communications for unauthorized transmissions of sensitive information and may intervene to block those communications from reaching unauthorized recipients.
Click here to ORDER an A++ paper from our Verified MASTERS and DOCTORATE WRITERS: Confidentiality Privacy and Security Presentation
Security is Broader than Confidentiality
Confidentiality is one of the foundational concepts of cybersecurity and is the requirement that most security professionals spend the majority of their time thinking about.
However, confidentiality is only one of three core concepts that together make up the foundation of cybersecurity work. The remaining two principles, integrity and availability, round out cybersecurity’s well-known “CIA triad.”
Integrity protects information from unauthorized modification. The most common example in an educational setting involves student grades.
If a student is able to gain unauthorized access to a learning management system and modify his or her own grades, that constitutes a violation of integrity.
Access controls are the major mechanism used to enforce integrity requirements.
Availability ensures that information is available for use by authorized individuals at the time they need it. Violations of availability may occur due to intentional attacks, such as the denial of service attack that crippled the learning management system at one university in 2015.
They may also arise from technical failures, such as the network outage that shut down technology at another institution for a week in 2018. Protecting availability is typically the work of technologists, who design fault-tolerant systems that can withstand component failures and implement backups to quickly restore service in the event of an outage.
Privacy Determines Authorization
Privacy is closely related to security and confidentiality but approaches data from a different perspective.
Confidentiality controls protect against the unauthorized use of information already in the hands of an institution, whereas privacy protects the rights of an individual to control the information that the institution collects, maintains and shares with others.
One way to understand the relationship between privacy and confidentiality is that privacy requirements dictate the types of authorization granted to information, and confidentiality controls ensure that people and systems meet those privacy obligations.
Privacy requirements typically arise in two forms. First, many institutions adopt privacy policies based on their own ethical sense of proper information handling. Second, a variety of laws and regulations impose privacy requirements on colleges and universities.
In the United States, the Family Educational Rights and Privacy Act (FERPA) grants students (or the parents of minor students) the right to access information contained within their educational records, request the correction of any information they believe is inaccurate and control the sharing of their records outside of the institution.