Privacy and security: making and breaking the rules

AUTHOR: George Raikos

The need for secure computer-based information systems has been with us for more than half a century. Defence systems, national security, privileged information assets and strategic advantage built on information are some of the key concerns an Information Security Strategist usually addresses in a security policy blueprint, one that aims for the maximum level of information protection coupled with tight access control.

Alongside this comes the first demand for privacy driven by society rather than by the organisation, at the level of the individual, accompanied by strict regulation spanning several continents that lets a person protect his or her private life, and the elements that constitute it, at will.

What looks crystal clear from the point of view of the Regulator seems quite elastic to the data centre administrator, the CISO and the Board of Directors in the daily running of the business, where maintaining a robust information security implementation may conflict with the compliance imperative of keeping a person's data private at all times.

Experience shows that most Security Strategists will choose to elevate security and override controls in times of crisis, when homeland security, national defence or the defence of the business is under stress. The individual's privacy will pay the price as a result, whether we all like it or not.

At the end of the day, the people in charge of security will have to weigh the risk of running with a lowered defence shield against the risk of breaching individual data privacy, since the proactive monitoring of the environment that looks for threats or attack patterns which may endanger the survival of the systems is, in essence, what causes that breach. Such a stance will sooner or later translate into regulatory penalties, the size of which will have to be taken into account when weighing information risk against the compliance risk that stems from falling short on data privacy.
