From the course: CISSP Cert Prep (2021): 8 Software Development Security
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Data deidentification
From the course: CISSP Cert Prep (2021): 8 Software Development Security
Data deidentification
- [Instructor] One way that many organizations seek to protect themselves against accidental disclosures of personal information is to remove all identifying information from datasets when that identifying information is not necessary to meet business requirements. Deidentification is the process of moving through a dataset and removing data that may be individually-identifying. For example, you would certainly want to remove names, Social Security numbers, and other obvious identifiers. However, simple data deidentification is often insufficient to completely safeguard information. The reason for this is that you can often combine seemingly innocuous fields to uniquely identify an individual. A study done at Carnegie Mellon University analyzed three fields commonly retained in deidentified datasets: zip code, date of birth, and gender. You wouldn't think that any one of these fields when used alone would allow you to…
Contents
-
-
-
-
-
-
Input validation2m 37s
-
(Locked)
Parameterized queries3m
-
(Locked)
Authentication/session management issues1m 49s
-
(Locked)
Output encoding3m 13s
-
(Locked)
Error and exception handling3m
-
(Locked)
Code signing2m 8s
-
(Locked)
Database security3m 53s
-
(Locked)
Data deidentification2m 44s
-
(Locked)
Data obfuscation2m 12s
-
-
-