1

I just started studying up for the CISSP and am having trouble understanding few concepts.

This is regarding confidentiality, Below are some of the aspects of confidentiality

  • Sensitivity
  • Discretion
  • Criticality
  • Concealment
  • Secrecy
  • Privacy
  • Seclusion
  • Isolation

My question is about concealment and secrecy. These two concepts appear to be the same. Can someone explain how they are different?

Improve this question

2 Answers 2

Reset to default
2

Concealment is hiding something or someone. What is concealed may or may not be protected. Perhaps it is merely hidden. Concealment is something done to prevent disclosure, usually a single action.

Sergeant Jones wants to conceal his truck from aircraft, so he hides it in a garage. But if he had wanted to protect it too, he would have put in a bunker. Concealment means hiding. We rarely speak of a level of concealment.

Now he has a plaintext message. He is going to conceal it inside a photo and send it to the friendly local militia. If he had wanted to protect that message, he would have encrypted it.

Secrecy is a practice, the state of holding secrets, between people. Everything that Sergeant Jones does is done in a climate of secrecy vis-a-vis a specific threat or threats. We can then speak of levels of secrecy. Secrecy expresses overall security needs--the big picture of relationships, trust, privacy, and disclosure.

Improve this answer
4
  • 1
    Concealing is hiding something. You may know it exists (like your lost car keys) but you can't see it or know where to look for it (because it is concealed behind your couch). Secret means the existence of, or some attribute of an item is not known to you. So if you know about something but can't find it, it may be concealed. If either you don't know if something exists or the nature of it, that thing is secret.
    – Mark Ripley
    Commented Jul 7, 2019 at 11:16
  • I think we can think of coke formula as secrecy and Steganography as concealment? or vice versa?
    – kudlatiger
    Commented Jul 8, 2019 at 4:51
  • @kudlatiger Coke's formula: a secret. Secrecy surrounds it. Steganography: concealment.
    – Patriot
    Commented Jul 8, 2019 at 4:55
  • 2
    At the risk of generating discontent. The CISSP test is very much a case of "echo back my terminology". Some portions make no real sense and in a few cases are flat out wrong. Don't get too wrapped up in making sense of trivia, just remember to parrot back their terminology for the test.
    – user10216038
    Commented Jul 8, 2019 at 17:18
-2

Concealment is security through obscurity; there's no real access control to protect the information. Hiding information in plain sight. Secrecy is protecting the information from unauthorized access through some control mechanisms like encryption.

Improve this answer
1
  • You've gone too far with "hiding in plain sight" or not having controls. That's not true at all as a inherent quality for concealment.
    – schroeder
    Commented Mar 21, 2020 at 16:05

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .