information security versus data privacy%2

8/19/2019 Information Security Versus Data Privacy%2

1/7

Running head: Information security versus data privacy 1

Information Security Versus Data Privacy: A Qualitative Eploration

!regory "otty # IS$ %&' Emerging (y)er Security "echnology* "hreats* and Defense

(olorado State +niversity # !lo)al (ampus

Doctor $urthy Rallapalli # ,anuary '* &-1.


2/7

Information security versus data privacy &

Information Security Versus Data Privacy: A Qualitative Eploration

$odern glo)al enterprises operate /ithin a comple economic sphere continually

encounter challenges un0no/n to previous generations "he price of a virtually limitless

customer supply mandates several fundamental systemic developments that elicit immediate

leadership action An eponential rise in security incidents /orld/ide has prompted eecutives

not only to re2assess the role of ris0 management as a priority* )ut to align the )usiness practice

to favor information security policy Recent information security )reaches involving t/o ma3or

retailers* "arget and 4ome Depot* graphically illustrate ne/ organi5ational issues /ith a

potential for immediate cataclysmic conse6uences 7oth "arget and 4ome Depot eperienced

massive and comple security )reaches in the last t/o years8 the foresho/ of an economic future

froth /ith financial fallacy

"he purpose of the follo/ing eploration is an attempt to develop a 6ualitative

analysis of the concepts of security and privacy through their increasing prominence in the glo)al

enterprise system "he research incorporates the t/o recent massive security )reaches of "arget

and 4ome Depot retail organi5ations for a comparative assessment 4ighlighting the negative

effects to )rand and reputation delineates the fundamental differences in the role of

organi5ational security and the contrasting elements attri)uted to data privacy "his eploration

only suggests a need for further research into this rapidly increasing aspect of organi5ational

policy "he goal of the research aspires only to attract attention to the fundamental a/areness

glo)al companies need to survive in our modern technological society

Recent Security Breaches


3/7

Information security versus data privacy 9

Every glo)al enterprise today utili5es the products of technology in virtually every aspect

of )usiness operations All of this information in storage and transfer is continually su)3ected to a

host of security threats that are inherent to the nature of the medium Recently* )ig )usiness has

seen a proliferation of cy)er security attac0s in )oth si5e and compleity "/o recent security

incidents that involve the compromising of private data revealed themselves in the Target

security )reach of &-1 and the similar )reach of Home Depot* /hich occurred later in the same

year In )oth of these incidents* a large volume of private information /as lea0ed out* including

customer;s names* addresses* and confidential financial information According to *

the private information /as o)tained primarily through mal/are planted at self2chec0out lines

/ithin the sots at 4ome Depot Similarly* the hac0ers that conducted the "arget security )reach

/ere a)le to access the P?S system through a third party access "he access allo/ed the

cy)ercriminals to remotely plant mal/are directly into the point of sale net/or0 of "arget and

access large volumes of private data A security )reach of this magnitude often involves a

compromise of private information* resulting in a pu)lic outcry /hich also damages the

companies )rand and reputation

Renewal of Attention

Recent security )reaches* such as the Target and Home Depot incidents* have )rought a

great deal of attention to )oth the issues of information security and the privacy of the data

o)tained and held )y large corporations In this case* the magnitude of the privacy )reach has

reinforced efforts in the retail information security departments at the eecutive level According

to "uc0er =&-1>* recent cy)er2attac0s have led to increased focus of accounta)ility and incident

reporting Pu)lic outcry from information security )reaches is no/ a prime focus of the

eecutive )ranch of government* as evidenced )y President ?)ama;s statement relaying the


4/7

Information security versus data privacy

importance of information security /ith his &-1% State of the +nion Address =Shear and Singer

&-1%> "he "arget and 4ome Depot security )reaches )rought to attention an organi5ational vie/

of security and privacy in a trade2off type relationship /ith the )enefits reali5ed through modern

technology "his )usiness concept is eplored in detail from earlier research from Dinev and 4art

=1'''>* /ho proposed a hypothetical landscape /here this idea is an underlying )usiness

concept "he t/o recent security )reaches reveal privacy concerns from consumers /hich must

)e addressed independently from an organi5ations security policy In these cases* privacy

enhances security policy )ut conflicts /ith current organi5ational ideas concerning the value of

data privacy "oday;s companies can no longer vie/ a security incident as an @accepta)le ris0 of

conducting )usiness Bith all the rene/ed attention focused on data privacy and the a)ility to

compromise* it is natural that this issue )e a primary focus for the future

Is More Secure More Private?

"he 6uestion of increasing information security to enhance privacy concerns re6uires

further investigation "hough it may seem simple to ans/er the availa)le information does not

al/ays relate one2to2one Rel0in =&--.> offers some fundamental 6uestions concerning data

privacy that are relevant today in light if these recent massive security )reaches:


5/7

Information security versus data privacy %

Does the availa)ility of information 3ustify it useC

4o/ much energy and epense should )usinesses incur to the goal of a)solute

privacyC

Bhat are realistic non2disclosure epectations for former employeesC

Bhat part of information is o/ned )y a )usinessC

Questions li0e these )ecome more relevant in today;s )usiness landscapes Information privacy

has long )een ignored )y American )usinesses =Ac0erman and Davis* &--%>* )ut these recent

catastrophic security )reaches demand organi5ations utili5e 0no/n data privacy measures

eisting in other parts of the /orld According to Beiss and $iller =&-1%>* this includes adoption

of the European Pin and (hip system of data security* along /ith the emerging system of

Tokenization /here the private information is stored on random num)ered etremely secured

vaults A tendency for organi5ations to focus more on the specifics in gathering* storage and

transferal of private information must no/ )e strategically revie/ed and placed aside in favor of

an individual;s right to privacy "he strategy of @Accepta)le Ris0 Policy can no longer include a

customer;s private information

!hy !e Tolerate These Practices?


6/7

Information security versus data privacy .

Evidence from Beiss and $iller =&-1%> verify that the privacy standards in the +nited

States are often much more relaed than other parts of the /orld ottrell =&-1> recommends

certain actions that individuals can ta0e that help to secure information* such never giving up

social security num)ers or )irthdates to anyone unauthori5ed Americans historically have placed

their trust in )ig )usiness to secure data "he recent plethora of security )reaches* including

"arget and 4ome Depot* allo/ for 6uestions concerning organi5ational data privacy policy "he

trust consumers have placed in )usiness and regulatory agencies )egins to dispel /hen the facts

of the security )reach are revealed According to $alcom =&-1>* these recent security reaches*

especially the "arget )reach* have heightened consumer a/areness to the overall picture of

organi5ational data security "he attitude from organi5ations in the past has )een to tolerate an

accepta)le amount of ris0 in data privacy this idea stems from previous generations /ho tended

to )elieve /hat )usiness reported to the regulatory commissions along /ith the idea of )usiness

)eing on the side of the consumer "oday;s customers are /arier "he )rand loyalty is not the

same as in previous generations* thus adding a degree of s0epticism to /hat )usiness actually

reports* especially in the instance of a privacy )reach "oday;s /ell2informed customers /ill not

tolerate and compromise of personal information for any organi5ational concern "he customer

no/ values an organi5ations commitment to security and the protection of their confidential

information*

"onclusion

Although the terms of privacy and security are similar in many aspects* there are

distinct differences "he term security refers to an organi5ational design of creating an

environment that is largely free of ris0 Privacy* on the other hand* is the a)ility to )e free from

)eing o)served* copied* or affected in any /ay


7/7

Information security versus data privacy F

References

Gast Hame* $ =ear> Article "itle Journal Title* Pages rom 2 "o

Gast Hame* $ =ear> Book Title. (ity Hame: Pu)lisher Hame

information security versus data privacy%2

Documents