Disclosure of the sum of all financial aid for students in Smith dorm is not sensitive because no individual student is associated with an amount. Similarly, a list of names of students receiving financial aid is not sensitive because no amounts are specified. However, the combination of these two lists reveals the amount for an individual student if only one student in Smith dorm receives aid. What computation would a database management system have to perform in order to determine that the list of names might reveal sensitive data? What records would the database management system have to maintain on what different users know in order to determine that the list of names might reveal sensitive data?
What will be an ideal response?
The database management system has to track all information previously disclosed and all inferences that could be drawn from that information. The possible inferences can grow exponentially.
Computer Science & Information Technology
You might also like to view...
A formula begins with a(n) equal sign and contains cell references instead of raw numbers for a calculation.
Answer the following statement true (T) or false (F)
Computer Science & Information Technology
The primary purpose of ____ is to enable organizations to obtain certification; thus, it serves more as an assessment tool than an implementation framework.
A. ISO/IEC 27001 B. ISO/IEC 27002 C. COBIT D. ISACA
Computer Science & Information Technology