• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Question about Confidentiality

 
liao Yang
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A mock question (not from HFSJ) is asking if the following is true or not. I chose true, the answer is false which I don't understand. Anyone can explain why it is false?

"Confidentiality can be defined as information is not made available or disclosed to unauthorized persons or processes"

Thanks
 
Jatin Sharma
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I think the answer "false" is correct.
Because Confidentiality means really confident i.e. even authorized persons or processed can not share or see the confidential data of each other like credit card info or pwd etc.
 
Biliang Zhou
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I used to have doubts on this question, but now I've come clear.

Defining "confidentiality" as "Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes" is acceptable, if we are talking about it as a general item.

See this link for the traditional definition:
http://www.bricker.com/legalservices/practice/hcare/hipaa/164.304.asp

But when we put it into the context of J2EE, confidentiality actually means the encryption of the data transmitted. Beyond the general definition that "the data should not be made available to others", confidentiality in J2EE means "even if others see it, they won't understand what is being sent because we encrypt our data".

Hope this helps...
 
liao Yang
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jatin and Biliang. Your replies helped me to understand the question.

After reading your post. I also checked the spec the definition is: Confidentiality - The means use to ensure that information is only made available to users who are authorized to access it.

So it is about the "means", i.e. encryptic transmission, right?

Thanks again.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic