Identify and explain controls designed to protect the confidentiality of sensitive information Confidentiality Reliable systems protect confidential information from unauthorized disclosure. Types of information that need to be protected would include; business plans, pricing strategies, client and customer lists, and legal documents. Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information. It is easy to intercept information sent over the Internet. Encryption solves this problem. Encrypting information before sending it over the Internet creates what is called a Virtual Private Network (VPN). It is especially important to encrypt any sensitive information stored in laptops, personal digital assistants (PDAs), cell phones, and other portable devices. It is also important to control access to system outputs. Useful control procedures for controlling access to information include the following: Do not allow visitors to roam through buildings without supervision, to prevent them from seeing sensitive information on workstation displays or picking up and reading printed reports. Require employees to log out of any applications prior to leaving their workstation unattended. Restrict access to rooms housing printers and fax machines. Code reports to reflect the importance of the information contained therein, and train employees to not leave reports containing sensitive information in plain view on their desktops when they are not physically present. It is especially important to control the disposal of information resources. Printed reports and microfilm containing sensitive information should be shredded before being thrown out. Special procedures are needed to destroy information stored on magnetic and optical media. Building-in operating system commands to delete that information is insufficient, because many utility programs have been developed to recover deleted files. Proper disposal of computer media requires use of special software designed to “wipe” the media clean by repeatedly overwriting the disk with random patterns of data. Incorporation of digital cameras in cell phones makes it possible for visitors to surreptitiously capture confidential information. So, many organizations now prohibit visitors from using cell phones. Employee use of e-mail and instant messaging (IM) probably represents two of the greatest threats to the confidentiality of sensitive information.