Confidentiality

In Brief

Ensuring the confidentiality of the data means ensuring that only authorised persons can access to that particular information. Security measures to guarantee confidentiality and to protect access to information against unauthorised persons. These measures must prevent intentional and unintentional loss of confidentiality (See also classification).

Threats menacing confidentiality

Here is a non-exhaustive list of threats that can jeopardise the confidentiality of an asset:

• Compromise of information
  • Interception of compromising false signals
  • Remote spying (SME: see Interception of communications and Spam/Phishing and Measures against malicious code)
  • Passive listening (SME: see Listening to wireless networks)
  • Theft of media or documents (SME: see Robbery and Penetration in premises)
  • Theft of equipment (SME: see Robbery and Penetration in premises)
  • Recovery of recycled or discarded media (SME: see Recovery of media)
  • Disclosure (SME: see Social engineering/Inadequate communication)
  • Equipment trapping
  • Software trapping (SME see: Measures against malicious codes)
  • Geolocation
• Technical failures
  • Hardware failure (SME: see Computer or communication equipment broken down and Damage to equipment during transport)
  • Equipment malfunction (SME: Insertion or removal of equipment)
  • Software malfunction
• Unauthorised Actions
  • Illegal use of materials (SME: see Misuse of organisational resources)
  • Fraudulent copying of software (SME: see Use of unapproved software and Invalid or non-existent licence)
  • Use of counterfeit or copied software (SME: see Invalid or non-existent licence)
  • Data corruption
  • Illegal data processing (SME: see Unauthorised processing of personal data – Employee monitoring and Regulatory requirements)
• Compromise of Functions
  • User error (SME: see Human error)
  • Abuse of rights (SME: see Abuse of organisational resources)
  • Usurpation of rights (SME: see Malicious administrator.