The Influence Of Private Data On Information Systems [sic] Security : A data-centered approach to privacy protection
Langue Anglais
Langue Anglais
Auteur(s) : Stiehl, Mathieu
Directeur : Pallud, Jessie
Composante : EMS
Date de création : 30-06-2015
Description : Management of Information Systems, How does private data collected by any organization affect their information security measures? The increasingly common collection and use of private data has led to a similar increase of risk, which compels organizations to be more cautious on matters of security. This research analyzes how data could be used as a basis for securing an information system, from the strategic choices that lead to its collection to the ways to keep it safe. By interviewing professionals of a variety of backgrounds and industries and categorizing data into explicit identifiers, sensitive attributes and non-sensitive attributes, it was found that each type of data requires specific protection measures. Each category of data has its own sensitivity level and related risk, which organizations need to take into consideration in order to make all their employees consider security as self-evident and reduce damage in case of breaches. It is also shown that obligations (legislation and international) and privacy concerns (which could be observed with a simple trade-off equation of privacy risk over privacy benefit) vary from one type of data to another. This means that decisions of data collection have to be made in compliance with the methods used for security. It is crucial for the organizations to strategize their data security in a way that mirrors the way business operates. This alignment, which involves all employees across departments, makes data protection part of the overall strategy, builds up trust and adds value to the firm.
Mots-clés libres : Protection de l'information (informatique), Management of Information Systems, private data, information system security, privacy protection, management des systèmes d'information, données personnelles, sécurité des systèmes d'information, protection de la vie privée, 650 Gestion et organisation de l'entreprise
Couverture : FR
Directeur : Pallud, Jessie
Composante : EMS
Date de création : 30-06-2015
Description : Management of Information Systems, How does private data collected by any organization affect their information security measures? The increasingly common collection and use of private data has led to a similar increase of risk, which compels organizations to be more cautious on matters of security. This research analyzes how data could be used as a basis for securing an information system, from the strategic choices that lead to its collection to the ways to keep it safe. By interviewing professionals of a variety of backgrounds and industries and categorizing data into explicit identifiers, sensitive attributes and non-sensitive attributes, it was found that each type of data requires specific protection measures. Each category of data has its own sensitivity level and related risk, which organizations need to take into consideration in order to make all their employees consider security as self-evident and reduce damage in case of breaches. It is also shown that obligations (legislation and international) and privacy concerns (which could be observed with a simple trade-off equation of privacy risk over privacy benefit) vary from one type of data to another. This means that decisions of data collection have to be made in compliance with the methods used for security. It is crucial for the organizations to strategize their data security in a way that mirrors the way business operates. This alignment, which involves all employees across departments, makes data protection part of the overall strategy, builds up trust and adds value to the firm.
Mots-clés libres : Protection de l'information (informatique), Management of Information Systems, private data, information system security, privacy protection, management des systèmes d'information, données personnelles, sécurité des systèmes d'information, protection de la vie privée, 650 Gestion et organisation de l'entreprise
Couverture : FR
Type : Mémoire de Master, ressource électronique
Format : Document PDF
Source(s) :
Format : Document PDF
Source(s) :
- http://www.sudoc.fr/243033621
Entrepôt d'origine :
Identifiant : ecrin-ori-94725
Type de ressource : Ressource documentaire
Identifiant : ecrin-ori-94725
Type de ressource : Ressource documentaire