Security and Privacy

What is security?

  • Confidentiality: access to systems or data is limited to authorized parties
  • Integrity: when you receive data, you get the “right” data
  • Availability: the system and data is there when you want it
    • A DDoS (Distributed Denial of Service) attack tries to make a system unavailable by overwhelming it with traffic from many different sources at the same time. This directly attacks Availability in the CIA triad.

What is privacy?

  • Technical Privacy: define, what is being protected, from whom, and under what conditions this protection will hold
  • Conceptual Privacy: define what should be private. This is about principles, not implementations
  • Legal Privacy: define by laws and policies that who can access the data, how data can be used/shared, “right to be forgotten” and consent and disclosure.
  • Usable Privacy: can users understand the privacy protection and use it correctly?
    • focuses on UX and user behaviour
    • recognize that users make mistakes
    • privacy settings must be understandable

Security vs Privacy

Security protects data from unauthorized access. Privacy governs appropriate use of data, even by authorized parties.