Information systems security and privacy

Abstract: The author clarifies the relationship between security and privacy in information systems. Record-keeping privacy concerns personal information kept in computer-based systems, and the essence of it is protecting such information and controlling its use for authorized purposes. In contrast, computer security is that body of technology, techniques, procedures, and practices that provides the protective mechanisms to assure the safety of both the computer systems themselves and the information within them; and, in addition, limits access to such information solely to authorized users. Computer security is of importance whether the information to be protected is personal in nature and therefore related to privacy; whether it is defense in nature and therefore related to the security of the country; or whether it is sensitive in nature and therefore relevant to corporate welfare in the private sector. The important point to be noted is that a comprehensive set of security safeguards within and around a computer-based information system is an essential prerequisite for assuring personal privacy. To operate such a system without relevant safeguards is a sham against privacy assurance. The computer security issue must be seen as analogous to the classical offense/defense situation. As computer security safeguards become stronger, the offenses against them will become more sophisticated and the cycle will repeat. Therefore, no organization or Congress can assume that the computer security issue is one that can be looked at and forgotten.