information security versus data privacy%2
TRANSCRIPT
-
8/19/2019 Information Security Versus Data Privacy%2
1/7
Running head: Information security versus data privacy 1
Information Security Versus Data Privacy: A Qualitative Eploration
!regory "otty # IS$ %&' Emerging (y)er Security "echnology* "hreats* and Defense
(olorado State +niversity # !lo)al (ampus
Doctor $urthy Rallapalli # ,anuary '* &-1.
-
8/19/2019 Information Security Versus Data Privacy%2
2/7
Information security versus data privacy &
Information Security Versus Data Privacy: A Qualitative Eploration
$odern glo)al enterprises operate /ithin a comple economic sphere continually
encounter challenges un0no/n to previous generations "he price of a virtually limitless
customer supply mandates several fundamental systemic developments that elicit immediate
leadership action An eponential rise in security incidents /orld/ide has prompted eecutives
not only to re2assess the role of ris0 management as a priority* )ut to align the )usiness practice
to favor information security policy Recent information security )reaches involving t/o ma3or
retailers* "arget and 4ome Depot* graphically illustrate ne/ organi5ational issues /ith a
potential for immediate cataclysmic conse6uences 7oth "arget and 4ome Depot eperienced
massive and comple security )reaches in the last t/o years8 the foresho/ of an economic future
froth /ith financial fallacy
"he purpose of the follo/ing eploration is an attempt to develop a 6ualitative
analysis of the concepts of security and privacy through their increasing prominence in the glo)al
enterprise system "he research incorporates the t/o recent massive security )reaches of "arget
and 4ome Depot retail organi5ations for a comparative assessment 4ighlighting the negative
effects to )rand and reputation delineates the fundamental differences in the role of
organi5ational security and the contrasting elements attri)uted to data privacy "his eploration
only suggests a need for further research into this rapidly increasing aspect of organi5ational
policy "he goal of the research aspires only to attract attention to the fundamental a/areness
glo)al companies need to survive in our modern technological society
Recent Security Breaches
-
8/19/2019 Information Security Versus Data Privacy%2
3/7
Information security versus data privacy 9
Every glo)al enterprise today utili5es the products of technology in virtually every aspect
of )usiness operations All of this information in storage and transfer is continually su)3ected to a
host of security threats that are inherent to the nature of the medium Recently* )ig )usiness has
seen a proliferation of cy)er security attac0s in )oth si5e and compleity "/o recent security
incidents that involve the compromising of private data revealed themselves in the Target
security )reach of &-1 and the similar )reach of Home Depot* /hich occurred later in the same
year In )oth of these incidents* a large volume of private information /as lea0ed out* including
customer;s names* addresses* and confidential financial information According to *
the private information /as o)tained primarily through mal/are planted at self2chec0out lines
/ithin the sots at 4ome Depot Similarly* the hac0ers that conducted the "arget security )reach
/ere a)le to access the P?S system through a third party access "he access allo/ed the
cy)ercriminals to remotely plant mal/are directly into the point of sale net/or0 of "arget and
access large volumes of private data A security )reach of this magnitude often involves a
compromise of private information* resulting in a pu)lic outcry /hich also damages the
companies )rand and reputation
Renewal of Attention
Recent security )reaches* such as the Target and Home Depot incidents* have )rought a
great deal of attention to )oth the issues of information security and the privacy of the data
o)tained and held )y large corporations In this case* the magnitude of the privacy )reach has
reinforced efforts in the retail information security departments at the eecutive level According
to "uc0er =&-1>* recent cy)er2attac0s have led to increased focus of accounta)ility and incident
reporting Pu)lic outcry from information security )reaches is no/ a prime focus of the
eecutive )ranch of government* as evidenced )y President ?)ama;s statement relaying the
-
8/19/2019 Information Security Versus Data Privacy%2
4/7
Information security versus data privacy
importance of information security /ith his &-1% State of the +nion Address =Shear and Singer
&-1%> "he "arget and 4ome Depot security )reaches )rought to attention an organi5ational vie/
of security and privacy in a trade2off type relationship /ith the )enefits reali5ed through modern
technology "his )usiness concept is eplored in detail from earlier research from Dinev and 4art
=1'''>* /ho proposed a hypothetical landscape /here this idea is an underlying )usiness
concept "he t/o recent security )reaches reveal privacy concerns from consumers /hich must
)e addressed independently from an organi5ations security policy In these cases* privacy
enhances security policy )ut conflicts /ith current organi5ational ideas concerning the value of
data privacy "oday;s companies can no longer vie/ a security incident as an @accepta)le ris0 of
conducting )usiness Bith all the rene/ed attention focused on data privacy and the a)ility to
compromise* it is natural that this issue )e a primary focus for the future
Is More Secure More Private?
"he 6uestion of increasing information security to enhance privacy concerns re6uires
further investigation "hough it may seem simple to ans/er the availa)le information does not
al/ays relate one2to2one Rel0in =&--.> offers some fundamental 6uestions concerning data
privacy that are relevant today in light if these recent massive security )reaches:
-
8/19/2019 Information Security Versus Data Privacy%2
5/7
Information security versus data privacy %
Does the availa)ility of information 3ustify it useC
4o/ much energy and epense should )usinesses incur to the goal of a)solute
privacyC
Bhat are realistic non2disclosure epectations for former employeesC
Bhat part of information is o/ned )y a )usinessC
Questions li0e these )ecome more relevant in today;s )usiness landscapes Information privacy
has long )een ignored )y American )usinesses =Ac0erman and Davis* &--%>* )ut these recent
catastrophic security )reaches demand organi5ations utili5e 0no/n data privacy measures
eisting in other parts of the /orld According to Beiss and $iller =&-1%>* this includes adoption
of the European Pin and (hip system of data security* along /ith the emerging system of
Tokenization /here the private information is stored on random num)ered etremely secured
vaults A tendency for organi5ations to focus more on the specifics in gathering* storage and
transferal of private information must no/ )e strategically revie/ed and placed aside in favor of
an individual;s right to privacy "he strategy of @Accepta)le Ris0 Policy can no longer include a
customer;s private information
!hy !e Tolerate These Practices?
-
8/19/2019 Information Security Versus Data Privacy%2
6/7
Information security versus data privacy .
Evidence from Beiss and $iller =&-1%> verify that the privacy standards in the +nited
States are often much more relaed than other parts of the /orld ottrell =&-1> recommends
certain actions that individuals can ta0e that help to secure information* such never giving up
social security num)ers or )irthdates to anyone unauthori5ed Americans historically have placed
their trust in )ig )usiness to secure data "he recent plethora of security )reaches* including
"arget and 4ome Depot* allo/ for 6uestions concerning organi5ational data privacy policy "he
trust consumers have placed in )usiness and regulatory agencies )egins to dispel /hen the facts
of the security )reach are revealed According to $alcom =&-1>* these recent security reaches*
especially the "arget )reach* have heightened consumer a/areness to the overall picture of
organi5ational data security "he attitude from organi5ations in the past has )een to tolerate an
accepta)le amount of ris0 in data privacy this idea stems from previous generations /ho tended
to )elieve /hat )usiness reported to the regulatory commissions along /ith the idea of )usiness
)eing on the side of the consumer "oday;s customers are /arier "he )rand loyalty is not the
same as in previous generations* thus adding a degree of s0epticism to /hat )usiness actually
reports* especially in the instance of a privacy )reach "oday;s /ell2informed customers /ill not
tolerate and compromise of personal information for any organi5ational concern "he customer
no/ values an organi5ations commitment to security and the protection of their confidential
information*
"onclusion
Although the terms of privacy and security are similar in many aspects* there are
distinct differences "he term security refers to an organi5ational design of creating an
environment that is largely free of ris0 Privacy* on the other hand* is the a)ility to )e free from
)eing o)served* copied* or affected in any /ay
-
8/19/2019 Information Security Versus Data Privacy%2
7/7
Information security versus data privacy F
References
Gast Hame* $ =ear> Article "itle Journal Title* Pages rom 2 "o
Gast Hame* $ =ear> Book Title. (ity Hame: Pu)lisher Hame