Title :
Managing information privacy: developing a context for security and privacy standards convergence
Author :
ROBBINS, JIM ; SABO, JOHN T.
Author_Institution :
Electron. Warfare Associates, Ottawa, Ont.
Abstract :
Information privacy is much broader than data security. It's about the collection, processing, use, and protection of personal information. Essentially, business processes, IT systems, and compliance controls must support the full set of requirements embodied in these principles and expressed in relevant laws and policies. Implementation choices, including automation level and security control selection, become business and business-risk decisions. To institute such principles, businesses should understand the critical need for policy-driven security and privacy compliance in developing the right business processes and overall technical architecture.
Keywords :
data privacy; security of data; information privacy management; privacy standards; security standards; Automatic control; Automation; Control systems; Convergence; Data privacy; Data security; Information management; Information security; Protection; Standards development; CC; Common Criteria; ISSEA; ISTPA; SSE-CMM; privacy principles;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2006.98