Privacy and Security Relationship

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course
Time
5 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Hello and welcome back to
00:00
the HCISPP certification course with Cybrary,
00:00
Privacy and Security Relationship.
00:00
My name is Charlene Hutchins
00:00
and I'm your instructor today.
00:00
Today, we're going to discuss
00:00
confidentiality, dependency,
00:00
and immigration as it relates to
00:00
the relationship between privacy and security.
00:00
Let's begin. Now,
00:00
the relationship between security or
00:00
cybersecurity and privacy is complex.
00:00
On one hand, cybersecurity
00:00
that protects data from intrusion,
00:00
theft, and misuse,
00:00
obviously is a significant privacy safeguard.
00:00
But on the other hand,
00:00
cybersecurity measures that monitor access and use can
00:00
implicate the collection of
00:00
personal information and thus raise privacy concerns.
00:00
A relevant example is one
00:00
facing our country today with contact tracing.
00:00
It would be helpful for public health officials and
00:00
local governments to be able to trace and
00:00
track those who have tested
00:00
positive for COVID-19 and know
00:00
the places they've spent time
00:00
during that time they may have been contagious.
00:00
Knowing where people spent time and who
00:00
they spent time with is very
00:00
important in notifying those persons
00:00
of a suspected exposure to the virus.
00:00
However, some people have
00:00
concerns of their information being
00:00
used for purposes other than
00:00
ensuring public safety of others.
00:00
Would you share your data if you had tested positive?
00:00
It's a very personal decision.
00:00
Other privacy concerns are around
00:00
some cybersecurity defense techniques that may
00:00
require monitoring and
00:00
collection of personal information,
00:00
such as network and system
00:00
monitoring, and background checks.
00:00
It's important to know what information
00:00
is traversing organization's network,
00:00
especially while users are working from home.
00:00
Additionally, information identified in
00:00
an employee's background check should be used for
00:00
the purposes of wherever the person receives
00:00
an offer of employment and nothing further.
00:00
Many companies now include a credit check
00:00
in addition to the standard criminal background check.
00:00
Confidentiality is the relationship
00:00
between security rules and standards,
00:00
and are complimentary to the privacy rules and standards.
00:00
Various privacy rules discuss
00:00
the personal relationship between
00:00
the individual providing the data and
00:00
those using the data for particular purposes.
00:00
Security rules tend to discuss
00:00
how the data will be secured and protected.
00:00
Security professionals in the healthcare industry
00:00
should be familiar with the Affordable Care Act,
00:00
HIPAA, and HITECH.
00:00
American citizens expect that
00:00
their rights to privacy will be
00:00
honored and their data will
00:00
remain confidential and secure.
00:00
Privacy protections depend on
00:00
adherence to security standards.
00:00
Two of the three tenants of
00:00
the CIA triad, confidentiality and integrity,
00:00
are both principles designed to protect the data from
00:00
unauthorized disclosure and to ensure the data is
00:00
provided does not change.
00:00
The third tenant, availability
00:00
is important only in the fact
00:00
that data should be available and not lost or misplaced.
00:00
If any of these tenants are violated,
00:00
an overall sense of distrust comes into play.
00:00
It's important for
00:00
the healthcare security practitioner to understand how
00:00
each security control wraps a layer
00:00
of privacy protection around the data.
00:00
Security controls are integrated to protect privacy.
00:00
The healthcare security professional
00:00
must identify initial risks,
00:00
but also have a process for constantly obtaining
00:00
new information about threats
00:00
so adequate protections can be applied.
00:00
For instance, system configuration change,
00:00
a software is upgraded,
00:00
software vulnerabilities are discovered,
00:00
and attackers will find new methods
00:00
for trying to compromise sensitive healthcare data.
00:00
Privacy and security tasks are integrated due to
00:00
the need for the implementation
00:00
of change management programs,
00:00
antivirus and malware detection software,
00:00
as well as system patching, training,
00:00
and awareness in order to establish
00:00
an effective security and privacy program.
00:00
Let's test your knowledge.
00:00
True or false,
00:00
privacy concerns exist around
00:00
security measures that monitor and collect data?
00:00
[NOISE] That answer is true.
00:00
Did you get that? Let's try another one.
00:00
[NOISE] True or False,
00:00
privacy depends on adherence to security standards?
00:00
[NOISE] Once again,
00:00
that answer is true.
00:00
One more. True or false,
00:00
privacy and security tasks are separated in order
00:00
to establish an effective privacy and security program?
00:00
[NOISE] That one is false.
00:00
The privacy and security tasks must be
00:00
integrated in order to establish an effective program.
00:00
In this video, we reviewed the confidentiality,
00:00
dependency, and integration as it
00:00
relates to privacy and security relationships.
00:00
Next up, we'll be handling sensitive data. See you soon.
Up Next