chapter  6
Pages 26

In general, privacy differs from confidentiality, in that privacy has a broader scope of additional controls, including not just confidentiality, but also authentication, authorization, and accountability. 1. Proactive controls for authentication of authorized entities 2. Preventive measures against data disclosure to an unau-

thorized entity 3. Detective measures to monitor for data loss 4. Notification of a data breach to authorized entities

In Chapter 3 (Authentication), we discussed proactive controls, including methods for single, mutual, and multifactor authentication such as knowledge, possession, biometric, and cryptographic factors. We also considered authorization for credit card and debit card payments. With regard to privacy, authorization is associated with permissions to transmit, process, or store personal information.