How Do Security, Privacy, and Compliance Fit Together?
Information security is the practice of protecting information to ensure the goals of confidentiality, integrity, and availability.
- makes sure that accurate information is available to authorized individuals when it is needed
Privacy means that a person has the right to specify how his or her data is collected, used, and shared.
- people have control of their personal data
- Information security practices can be used to make sure that a person’s privacy decisions are respected
Compliance requirements are often understood as the minimum level of action that a person or organization must take to meet legal or regulatory requirements.
- organizations can, however, adopt information security or privacy practices that exceed the legal minimum
- doing so can be a competitive advantage
- Organizations do not always do a good job of either information security or protecting privacy
- so laws are enacted that force organizations to take a more structured approach
- no single law in the United States comprehensively addresses information security or data privacy
- instead, laws protect certain types of information on an industry-by-industry basis
- e.g., healthcare
- If an organization fails to meet its obligations, it can be subject to sanctions
Compliance is the act of following the applicable laws, rules, and regulations.
- supported by documenting organizational controls and enhancing the capabilities of information systems to ensure information security