Protecting information and data confidentiality is especially important in the information society in which we live. How can the sensitive or critical information of people and organizations be protected? What is confidentiality, and how can security measures be implemented to ensure it?
What is confidentiality of information
Confidentiality, in computing, is a fundamental principle of information security: it guarantees the necessary level of secrecy for information and its processing, preventing unauthorized disclosure while the information is stored or in transit.
How to ensure the confidentiality of the data?
Confidentiality of information is ensured by implementing technical or organizational measures such as:
- Encryption of the information, so that it cannot be understood by anyone who lacks the necessary keys / certificates (held only by authorized persons or recipients), even if it is intercepted in transit or the repository where it is stored is accessed.
- Access controls on the facilities, repositories and systems where the information is located, and on the network through which it moves, to prevent unauthorized access to it.
- Formal procedures for classifying information based on its value, sensitivity and legal requirements, and for handling it (what can and cannot be done with it).
- Training and awareness of people about the confidentiality and protection of information.
- Confidentiality Agreements (NDAs) formally established (signed) with employees who access and process confidential information.
Examples of information leaks
Recently, 10 TB of information from the Portuguese electricity company EDP was leaked; 10 million euros were demanded from the company, under threat of leaking the data, to restore access to its files, which had been encrypted in a ransomware attack. Other very notorious leaks include those of PlayStation Network, Google+, Cambridge Analytica …
Data leaks caused by incorrect handling can do serious harm to individuals and groups. For this reason, confidentiality is considered one of the fundamental pillars of security, along with availability and integrity.