jump to navigation

Privacy and Security Best Practices September 16, 2013

Posted by markwhylie in Security.
trackback

The terms privacy and security are terms generally used quite loosely and at times are referenced to by some to mean the same thing. However, it is important to note that there is a important distinction between the two.  According to the text, the term “privacy” denotes a socially defined ability of an individual (or organization) to determine whether, when, and to whom personal (or organizational) information is to be released. The term “security” on the other hand describes techniques that control who may use or modify a computer or the information contained within [1].  I like to consider security being the protocols to protect privacy.  When securing a system, one should consider the following practices to better deter unauthorized access and to maintain the integrity of the system being secured. These practices involves,

1. labeling files with lists of authorized users,
2. verifying the identity of a prospective user by
demanding a password,
3. shielding the computer to prevent interception and
subsequent interpretation of electromagnetic radiation,
4. enciphering information sent over telephone lines,
5. locking the room containing the computer,
6. controlling who is allowed to make changes to the
computer system (both its hardware and software),
7. using redundant circuits or programmed cross-checks
that maintain security in the face of hardware or
software failures,
8. certifying that the hardware and software are actually
implemented as intended.

As a developer of software, I must agree with these best practices. For instance, in developing software that provides a user access to a back end system via a web browser, most cases will involve exchanging sensitive information between the two endpoints. This situation requires that the developer provide a way to secure the data from eavesdropping or a man in the middle data manipulation by using a encryption technique such as SSL certificates.

I will leave you with this question. In your line of work, can you identify an area where you or your organization is lacking in protecting the privacy of a system, individual or entity?

[1] Saltzer, Jerome H., and Schroeder, Michael D., “The Protection of Information in Computer Systems”, Proceedings of the IEEE, Volume 63, Issue 9, Sept. 1975

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: