WEBVTT

1
00:00:00.000 --> 00:00:01.230
<v Instructor>In this lesson,</v>

2
00:00:01.230 --> 00:00:04.590
we will learn about confidentiality management.

3
00:00:04.590 --> 00:00:06.360
Confidentiality management

4
00:00:06.360 --> 00:00:09.120
is safeguarding sensitive information

5
00:00:09.120 --> 00:00:13.080
to prevent unauthorized access or disclosure.

6
00:00:13.080 --> 00:00:15.660
Confidentiality management concepts

7
00:00:15.660 --> 00:00:19.710
include indexing, key rotation, encryption,

8
00:00:19.710 --> 00:00:21.600
and code signing.

9
00:00:21.600 --> 00:00:23.820
Indexing involves organizing

10
00:00:23.820 --> 00:00:26.220
and structuring sensitive data

11
00:00:26.220 --> 00:00:28.920
so that it can be efficiently retrieved

12
00:00:28.920 --> 00:00:32.790
while ensuring that the underlying sensitive information

13
00:00:32.790 --> 00:00:37.710
remains protected and inaccessible to unauthorized users.

14
00:00:37.710 --> 00:00:41.820
Next, secrets management, including key rotation,

15
00:00:41.820 --> 00:00:43.920
ensures that encryption keys

16
00:00:43.920 --> 00:00:47.760
and other sensitive credentials are regularly updated

17
00:00:47.760 --> 00:00:50.610
to minimize the risk of compromise.

18
00:00:50.610 --> 00:00:54.990
Then encryption is used to protect data and secrets

19
00:00:54.990 --> 00:00:58.260
by converting them into a secure format

20
00:00:58.260 --> 00:01:02.250
that is unreadable without the correct decryption key.

21
00:01:02.250 --> 00:01:06.240
And finally, code signing verifies the authenticity

22
00:01:06.240 --> 00:01:09.840
and integrity of software using encryption,

23
00:01:09.840 --> 00:01:12.600
ensuring it has not been tampered with.

24
00:01:12.600 --> 00:01:16.260
Let's learn more about indexing, key rotation,

25
00:01:16.260 --> 00:01:18.990
encryption, and code signing.

26
00:01:18.990 --> 00:01:23.340
Then we'll do a demonstration of code signing validation.

27
00:01:23.340 --> 00:01:25.890
First, we have indexing.

28
00:01:25.890 --> 00:01:28.080
Indexing involves organizing

29
00:01:28.080 --> 00:01:30.570
and structuring sensitive data

30
00:01:30.570 --> 00:01:32.760
so it can be retrieved efficiently

31
00:01:32.760 --> 00:01:36.600
without exposing underlying data content

32
00:01:36.600 --> 00:01:38.880
to unauthorized users.

33
00:01:38.880 --> 00:01:40.770
To implement indexing,

34
00:01:40.770 --> 00:01:43.950
organizations create an index structure,

35
00:01:43.950 --> 00:01:46.530
which is a separate layer of data

36
00:01:46.530 --> 00:01:49.800
that contains identifiers or metadata,

37
00:01:49.800 --> 00:01:53.940
pointing to specific records in the main data set.

38
00:01:53.940 --> 00:01:57.570
This index might include unique identifiers

39
00:01:57.570 --> 00:02:01.710
such as customer IDs, keywords, timestamps,

40
00:02:01.710 --> 00:02:04.500
or other nonsensitive attributes

41
00:02:04.500 --> 00:02:06.360
that help locate records

42
00:02:06.360 --> 00:02:10.500
without revealing the sensitive data content itself.

43
00:02:10.500 --> 00:02:13.560
For example, in a database,

44
00:02:13.560 --> 00:02:17.940
indexing is often done by setting up a separate table

45
00:02:17.940 --> 00:02:22.940
or using database indexes like B-trees or hash indexes,

46
00:02:23.220 --> 00:02:25.860
which reference the position of records

47
00:02:25.860 --> 00:02:27.810
in the main data table

48
00:02:27.810 --> 00:02:30.120
and help optimize search speed

49
00:02:30.120 --> 00:02:34.740
and retrieval efficiency within large data sets.

50
00:02:34.740 --> 00:02:38.640
The indexing process assigns each data entry

51
00:02:38.640 --> 00:02:40.470
a unique identifier,

52
00:02:40.470 --> 00:02:42.930
and stores this identifier,

53
00:02:42.930 --> 00:02:47.670
along with its data content location in the index.

54
00:02:47.670 --> 00:02:51.000
When an authorized user queries data,

55
00:02:51.000 --> 00:02:53.880
the system searches the index first,

56
00:02:53.880 --> 00:02:58.260
using identifiers to quickly find the relevant records.

57
00:02:58.260 --> 00:03:00.630
Then it accesses the data

58
00:03:00.630 --> 00:03:03.690
based on the associated data location.

59
00:03:03.690 --> 00:03:06.840
This not only speeds up search processes,

60
00:03:06.840 --> 00:03:10.170
but also helps maintain data confidentiality

61
00:03:10.170 --> 00:03:14.640
by restricting search access to only the index layer,

62
00:03:14.640 --> 00:03:16.920
allowing efficient retrieval,

63
00:03:16.920 --> 00:03:21.330
while ensuring that sensitive information remains protected.

64
00:03:21.330 --> 00:03:25.380
Additionally, combining indexing with encryption

65
00:03:25.380 --> 00:03:28.620
can add an extra layer of security

66
00:03:28.620 --> 00:03:32.340
as only authorized users with decryption keys

67
00:03:32.340 --> 00:03:37.340
can view the full records associated with the index entries.

68
00:03:37.740 --> 00:03:40.710
Second, we have key rotation.

69
00:03:40.710 --> 00:03:42.870
Key rotation is the process

70
00:03:42.870 --> 00:03:45.870
of regularly updating encryption keys

71
00:03:45.870 --> 00:03:48.180
and other sensitive credentials

72
00:03:48.180 --> 00:03:50.850
to prevent unauthorized access

73
00:03:50.850 --> 00:03:54.150
due to key compromise or reuse.

74
00:03:54.150 --> 00:03:56.550
By changing keys periodically,

75
00:03:56.550 --> 00:03:59.580
key rotation minimizes the likelihood

76
00:03:59.580 --> 00:04:03.300
that an outdated or exposed key can be used

77
00:04:03.300 --> 00:04:05.700
to access sensitive data,

78
00:04:05.700 --> 00:04:08.670
helping to maintain the confidentiality

79
00:04:08.670 --> 00:04:10.950
of protected information.

80
00:04:10.950 --> 00:04:13.890
To implement key rotation effectively,

81
00:04:13.890 --> 00:04:17.670
organizations can use secret management platforms,

82
00:04:17.670 --> 00:04:20.970
such as AWS Key Management Service

83
00:04:20.970 --> 00:04:23.520
that automate the rotation process

84
00:04:23.520 --> 00:04:26.520
and store updated keys securely.

85
00:04:26.520 --> 00:04:29.100
Combining automated key rotation

86
00:04:29.100 --> 00:04:33.180
with policies that enforce strict key handling procedures

87
00:04:33.180 --> 00:04:38.180
safeguards the data against unauthorized access over time.

88
00:04:38.280 --> 00:04:40.650
Third, we have encryption.

89
00:04:40.650 --> 00:04:43.440
Encryption is a data protection method

90
00:04:43.440 --> 00:04:46.920
that converts information into a secure,

91
00:04:46.920 --> 00:04:49.440
unreadable ciphertext format

92
00:04:49.440 --> 00:04:51.090
that can only be accessed

93
00:04:51.090 --> 00:04:54.900
by someone with the correct decryption key.

94
00:04:54.900 --> 00:04:57.090
By encrypting sensitive data,

95
00:04:57.090 --> 00:05:01.110
organizations ensure that unauthorized individuals

96
00:05:01.110 --> 00:05:03.930
cannot interpret or misuse it,

97
00:05:03.930 --> 00:05:06.600
even if they gain access to it.

98
00:05:06.600 --> 00:05:08.250
Encryption is widely used

99
00:05:08.250 --> 00:05:11.460
to protect data at rest or stored data,

100
00:05:11.460 --> 00:05:15.390
and data in transit or data moving between locations,

101
00:05:15.390 --> 00:05:19.050
across networks, or within cloud environments,

102
00:05:19.050 --> 00:05:20.910
serving as a critical layer

103
00:05:20.910 --> 00:05:24.240
in maintaining data confidentiality.

104
00:05:24.240 --> 00:05:26.070
To maximize security,

105
00:05:26.070 --> 00:05:29.790
organizations should use strong encryption standards

106
00:05:29.790 --> 00:05:32.670
such as AES-256,

107
00:05:32.670 --> 00:05:35.310
and manage decryption keys securely

108
00:05:35.310 --> 00:05:37.470
through key management systems.

109
00:05:37.470 --> 00:05:39.690
Additionally, applying encryption

110
00:05:39.690 --> 00:05:43.260
both at the data storage and transmission stages

111
00:05:43.260 --> 00:05:47.520
ensures data remains protected throughout its lifecycle.

112
00:05:47.520 --> 00:05:51.150
Fourth and last, we have code signing.

113
00:05:51.150 --> 00:05:54.720
Code signing is a confidentiality measure

114
00:05:54.720 --> 00:05:56.820
that ensures the authenticity

115
00:05:56.820 --> 00:05:58.770
and integrity of software,

116
00:05:58.770 --> 00:06:02.220
verifying that it has not been tampered with.

117
00:06:02.220 --> 00:06:04.320
By using a digital signature,

118
00:06:04.320 --> 00:06:08.280
code signing provides a way for software developers

119
00:06:08.280 --> 00:06:11.670
to assure users that the code they are installing

120
00:06:11.670 --> 00:06:15.120
or executing is genuine and safe.

121
00:06:15.120 --> 00:06:18.000
This process is especially important

122
00:06:18.000 --> 00:06:22.200
for software updates, applications, and drivers,

123
00:06:22.200 --> 00:06:26.220
where users need to trust that the software is legitimate

124
00:06:26.220 --> 00:06:30.030
and has not been altered by unauthorized sources.

125
00:06:30.030 --> 00:06:32.880
For instance, when a company releases

126
00:06:32.880 --> 00:06:35.640
an update for its application,

127
00:06:35.640 --> 00:06:37.230
code signing confirms

128
00:06:37.230 --> 00:06:40.560
that the update originated from the company

129
00:06:40.560 --> 00:06:42.900
and has not been modified.

130
00:06:42.900 --> 00:06:47.280
The digital signature serves as a seal of authenticity,

131
00:06:47.280 --> 00:06:52.080
helping users verify that the software is safe to install.

132
00:06:52.080 --> 00:06:54.810
To implement code signing securely,

133
00:06:54.810 --> 00:06:59.310
organizations should use trusted code signing certificates

134
00:06:59.310 --> 00:07:03.960
and ensure that private signing keys are stored securely,

135
00:07:03.960 --> 00:07:08.820
ideally in hardware security modules or secure vaults.

136
00:07:08.820 --> 00:07:11.790
Additionally, regular audits and monitoring

137
00:07:11.790 --> 00:07:13.800
of code signing activities

138
00:07:13.800 --> 00:07:16.950
can help identify unauthorized attempts

139
00:07:16.950 --> 00:07:19.650
to sign or alter software.

140
00:07:19.650 --> 00:07:22.170
Now let's conduct a demonstration

141
00:07:22.170 --> 00:07:25.290
of how to verify a code signature.

142
00:07:25.290 --> 00:07:26.820
In this demonstration,

143
00:07:26.820 --> 00:07:30.930
we will verify an installer file's code signature

144
00:07:30.930 --> 00:07:34.170
to verify that it has been signed by Google

145
00:07:34.170 --> 00:07:36.510
and has not been tampered with.

146
00:07:36.510 --> 00:07:37.920
In preparation,

147
00:07:37.920 --> 00:07:39.390
I've already downloaded

148
00:07:39.390 --> 00:07:43.320
the Google Chrome Installer onto this machine,

149
00:07:43.320 --> 00:07:47.340
and I moved the installer file to my desktop

150
00:07:47.340 --> 00:07:49.800
into a folder called Demo.

151
00:07:49.800 --> 00:07:54.570
So right here, we have the Chrome setup installer file.

152
00:07:54.570 --> 00:07:58.383
First, I'll open the properties on the installer file.

153
00:08:00.420 --> 00:08:04.830
Now I'll go to the Digital Signatures tab.

154
00:08:04.830 --> 00:08:07.950
Here I can quickly view a timestamp

155
00:08:07.950 --> 00:08:11.520
indicating when the certificate was signed.

156
00:08:11.520 --> 00:08:13.770
But it's a little bit truncated there,

157
00:08:13.770 --> 00:08:16.320
so I'll double-click to open this up.

158
00:08:16.320 --> 00:08:19.830
Now I can see this certificate was signed

159
00:08:19.830 --> 00:08:24.210
on Sunday, October 13th, 2024.

160
00:08:24.210 --> 00:08:26.643
Now I want to view the certificate.

161
00:08:27.810 --> 00:08:29.790
In viewing this certificate,

162
00:08:29.790 --> 00:08:34.170
let's take a look first at the certification path.

163
00:08:34.170 --> 00:08:35.220
Right off the bat,

164
00:08:35.220 --> 00:08:38.280
we can see down in the certificate status pane

165
00:08:38.280 --> 00:08:41.370
that this certificate is okay.

166
00:08:41.370 --> 00:08:44.970
If there were any errors or warnings in this pane,

167
00:08:44.970 --> 00:08:47.160
it might indicate that this signature

168
00:08:47.160 --> 00:08:49.920
would be invalid or untrusted.

169
00:08:49.920 --> 00:08:53.280
But in this case, the okay status indicates

170
00:08:53.280 --> 00:08:56.310
that each certificate in the chain,

171
00:08:56.310 --> 00:08:58.530
from the signer certificate,

172
00:08:58.530 --> 00:09:02.490
all the way up to the root certification authority

173
00:09:02.490 --> 00:09:04.920
is trusted and valid.

174
00:09:04.920 --> 00:09:08.190
Last, I'm going to click on the General tab

175
00:09:08.190 --> 00:09:12.420
and take a look at the validity period of this certificate.

176
00:09:12.420 --> 00:09:16.710
This certificate is valid from the fourth month of 2024

177
00:09:16.710 --> 00:09:19.590
to the fourth month of 2027,

178
00:09:19.590 --> 00:09:23.670
and it was signed October 13th of 2024,

179
00:09:23.670 --> 00:09:26.760
which is within that valid window.

180
00:09:26.760 --> 00:09:28.590
The last thing I'm going to check here

181
00:09:28.590 --> 00:09:31.500
is to make sure that this certificate is being used

182
00:09:31.500 --> 00:09:33.750
for its intended purpose.

183
00:09:33.750 --> 00:09:37.050
Up here in the top pane of the General tab,

184
00:09:37.050 --> 00:09:40.260
I can see that this certificate is intended

185
00:09:40.260 --> 00:09:44.370
to ensure software came from the software publisher,

186
00:09:44.370 --> 00:09:47.940
which is exactly how it's being used.

187
00:09:47.940 --> 00:09:52.650
So this process has shown the file's signing date,

188
00:09:52.650 --> 00:09:56.670
confirmed it was signed while the certificate was valid,

189
00:09:56.670 --> 00:09:58.980
and verified the chain of trust

190
00:09:58.980 --> 00:10:01.890
to a root certification authority.

191
00:10:01.890 --> 00:10:04.770
We now know we can trust this file

192
00:10:04.770 --> 00:10:07.410
and proceed with the installation.

193
00:10:07.410 --> 00:10:11.610
So remember, confidentiality management

194
00:10:11.610 --> 00:10:15.330
is the process of protecting sensitive information

195
00:10:15.330 --> 00:10:19.170
to prevent unauthorized access or exposure.

196
00:10:19.170 --> 00:10:23.280
Key concepts include indexing, key rotation,

197
00:10:23.280 --> 00:10:26.100
encryption, and code signing,

198
00:10:26.100 --> 00:10:30.540
each serving a specific role in safeguarding data.

199
00:10:30.540 --> 00:10:33.450
Indexing organizes sensitive data

200
00:10:33.450 --> 00:10:36.750
in a way that allows for efficient retrieval

201
00:10:36.750 --> 00:10:39.780
without exposing the actual data content

202
00:10:39.780 --> 00:10:41.820
to unauthorized users.

203
00:10:41.820 --> 00:10:44.010
Next, key rotation involves

204
00:10:44.010 --> 00:10:48.420
regularly updating encryption keys and other credentials,

205
00:10:48.420 --> 00:10:51.180
reducing the risk of key compromise

206
00:10:51.180 --> 00:10:53.490
and enhancing data security.

207
00:10:53.490 --> 00:10:56.280
Then encryption protects the data

208
00:10:56.280 --> 00:10:59.640
by converting it into an unreadable format

209
00:10:59.640 --> 00:11:02.940
that only authorized users can decode,

210
00:11:02.940 --> 00:11:06.900
securing both data at rest and in transit.

211
00:11:06.900 --> 00:11:10.650
Finally, code signing uses digital signatures

212
00:11:10.650 --> 00:11:14.880
to verify the authenticity and integrity of software,

213
00:11:14.880 --> 00:11:19.020
ensuring it hasn't been altered by unauthorized sources.

214
00:11:19.020 --> 00:11:23.370
Together, these practices form a comprehensive approach

215
00:11:23.370 --> 00:11:26.670
to maintaining data privacy and security

216
00:11:26.670 --> 00:11:28.653
in any organization.

