TY - JOUR
T1 - Separating the Siamese twins
T2 - a proposed methodology for differentiating between privacy and security
AU - Hirschprung, Ron S.
N1 - Publisher Copyright: © 2023 Informa UK Limited, trading as Taylor & Francis Group.
PY - 2024
Y1 - 2024
N2 - Security and privacy have become major issues. Although no one seriously claims that privacy and security are identical, most sources treat them as if they are. Differentiating between privacy and security is essential, for example, in those situations where there is a trade-off between the two concepts, or when a regulator imposes rules concerning privacy or security or both. Moreover, differentiation can support the selection of proper means of defence. Therefore, there is a gap between the need to differentiate and the availability of an appropriate methodology to do so. This article introduces a robust methodology for differentiating between privacy and security, based on four basic components: the target of the attack, the nature of the cost, the presence of a trade-off, and the existence of consent. Since many situations involve both privacy and security, the methodology ranks their level independently. The research addresses several goals: alignment with the prevalent definitions and concepts in the literature; achieving objectivity; and a non-dichotomous classification. The application of this methodology was demonstrated in an empirical study with (Formula presented.) valid participants. The empirical study indicated significant differences between intuitive classification and methodology-based classification, thereby emphasising the need for this methodology.
KW - Privacy
KW - differentiating methodology
KW - ranking
KW - security
KW - trade-off
UR - http://www.scopus.com/inward/record.url?scp=85174888127&partnerID=8YFLogxK
U2 - 10.1080/0144929X.2023.2262611
DO - 10.1080/0144929X.2023.2262611
M3 - Article
AN - SCOPUS:85174888127
SN - 0144-929X
VL - 43
SP - 2945
EP - 2965
JO - Behaviour and Information Technology
JF - Behaviour and Information Technology
IS - 12
ER -