F Fair Information Practices FIP Standards governing collection and use of personal data.. Overview Protection and privacy of personal information is becoming increasingly important as
Trang 2F
Fair Information Practices (FIP)
Standards governing collection and use of personal data
Overview
Protection and privacy of personal information is
becoming increasingly important as e-commerce grows
on the Internet The concept of Fair Information Prac
tices (FIP) can be traced back to the Privacy Act of
1974, U.S legislation designed to protect personal
information collected by government agencies The
Organization for Economic Cooperation and Develop
ment in Europe incorporated these practices into its
Guidelines for the Protection of Personal Data and
Transborder Data Flows in 1980, which evolved into
the European Union Data Protection Directive in 1995
FIP can be summarized in five basic principles:
● Notice: An agency collecting personal information
from individuals must inform these individuals con
cerning its collection and use practices
● Choice: Individuals must be able to determine how
collected information should be used
● Access: Individuals must be able to view, modify,
and contest the accuracy of personal information
collected about them
● Security: Agencies collecting personal informa
tion must protect such information from unautho
rized access
● Enforcement: There should be legal mechanisms
in place to enforce these practices to ensure their
compliance
Other important principles include these:
● Data integrity: Agencies collecting personal
information must maintain the integrity of the
data collected
● Onward transfer: An agency collecting informa
tion from individuals must inform these individuals concerning its policies for passing such information
on to other agencies
● Remedy: Individuals must have avenues of remedy
available should they determine that an agency holding personal information about them has mis
used this information or allowed it to be misused
For More Information
The 1998 report “Privacy Online: A Report to Con
gress” by the Federal Trade Commission outlines the issues and practices surrounding FIP You can
down-load this report from www.ftc.gov/reports/privacy2000/
privacy2000.pdf in PDF format
See Also: privacy
false negative
Reporting of malicious events as benign by a security system
Overview
False negatives occur when a firewall, intrusion detec
tion system (IDS), or other network security device identifies a malicious event as benign False negatives are therefore failures of these security systems to prop erly identify attempts to penetrate network defenses
They may be caused by misconfiguration of the security system or basic flaws in its design Note that a mali
cious event resulting from a new form of exploit and ignored by a security system is not considered a flaw in the system, for no security system can completely defend against exploits that have not yet been con
ceived (Heuristic methods try to anticipate new attacks but usually generate large numbers of false positives.) False negatives can have catastrophic effects for the net-work the security device is protecting Penetration of
F
109