Information Security Jobs: Privacy Standards
The term privacy has several meanings and interpretations, and it is especially important in information security. In several contexts, privacy is a social and political hot button, but this discussion focuses on how privacy pertains to business and information security. First, a definition: Privacy is concerned with the safeguarding and proper use of citizens’ personal and sensitive information.
Let’s dissect this definition a little more:
Safeguarding personally sensitive information: In this vein, privacy is information security focused on one type of data — that of citizens’ personal information. In practice, protecting personally sensitive information is really not any different from protecting any other information in an organization. To do this job, you need to understand how this information is collected, stored, processed, and removed. Then you can use the tools in your toolbox to maximize protection.
Proper use of personally sensitive information: The main question is whether the data is safeguarded and used only for the purposes explicitly stated, or whether it is also sold to marketing companies that will bombard people with unwanted emails, telephone calls, and junk mail. This aspect of privacy is of concern to us, but it’s somewhat outside our core concern — unless you’re the chief privacy officer in an organization, in which case it’s your main concern!
Permitted uses of private information
Cookies, beacons, and other online tracking
In the online world, many people are wary of the methods used by certain organizations to track users’ Internet usage for the purpose of delivering targeted advertising. One of the more controversial practices is Google’s method of reading the contents of an e‐mail message and delivering ads to the user based on keywords in the message.
Another method, less controversial but one that still has many people’s blood boiling, is the use of tracking cookies, web beacons, and other tricks to track the Internet site visitation habits of individual users.
Cookies are small data objects sent from a website and stored by a user’s browser on the user’s local computer. There are three types of cookies used today:
Tracking cookie: This cookie is typically used to improve a user’s experience when visiting a website. For instance, tracking cookies store a user’s language preference, landing page, currency, and so on. A tracking cookie is also called a persistent cookie and originates from the same domain shown in the browser’s address bar.
Third‐party cookie: This tracking cookie is sent from a website other than the one shown in the browser’s address bar. Third‐party cookies are often used for advertising tracking and other purposes not associated with the core functionality of the website that a user is visiting.
Web beacons, also known as web bugs or tracking bugs, are objects that a user’s browser or email client downloads when a user is viewing a web page or HTML‐encoded email message. When a user’s browser or email client downloads a web page or email message containing a web beacon, the download is recorded in the beacon’s web server log, which makes it possible to track that the user viewed the web page or email message. Web beacons take the following forms:
1×1 GIF (image) file that is transparent or the same color as the web page, which makes it effectively invisible to the end user
1×1 HTML frame that is invisible to the user
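The beacon forms listed above can be checked for mechanically. As an added example (not code from the original article), the Python script below scans an HTML message for 1×1 images and frames and marks those loaded from a host other than the sender's; the sample message, the host names, and the subdomain-based same-site rule are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

def pixel_size(attrs, name):
    """Size in pixels from the width/height attribute or inline style, else None."""
    raw = attrs.get(name, "")
    if not raw:
        m = re.search(r"(?:^|;)\s*" + name + r"\s*:\s*([^;]+)", attrs.get("style", ""), re.I)
        raw = m.group(1) if m else ""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", raw, re.I)
    return int(m.group(1)) if m else None

class BeaconScanner(HTMLParser):
    """Records <img> and <iframe> elements that render at 1x1 pixel or smaller."""
    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("img", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        w, h = pixel_size(a, "width"), pixel_size(a, "height")
        if w is None or h is None or w > 1 or h > 1:
            return  # normal-sized or unsized element: not reported
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Assumption: "same site" means the host equals first_party or is a subdomain of it.
        same_site = host == self.first_party or host.endswith("." + self.first_party)
        self.findings.append({"tag": tag, "src": a.get("src", ""),
                              "third_party": bool(host) and not same_site})

def scan(html, first_party):
    """Return the beacon-like elements found in html, in document order."""
    scanner = BeaconScanner(first_party)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample message; every host name is a placeholder.
SAMPLE_EMAIL = """<html><body><p>Your invoice is attached.</p>
<img src="https://news.example.com/logo.png" width="120" height="40">
<img src="https://track.adnetwork.test/open.gif?u=12345" width="1" height="1">
<img src="https://news.example.com/p.gif" style="width:1px; height:1px">
<iframe src="https://frames.adnetwork.test/f.html" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_EMAIL, "example.com"):
        print(finding)
```

A mail gateway or client can use the same test to decide whether to block remote content for a message before it is rendered.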
Flash cookies are tracking objects similar to browser cookies and are used by Adobe Flash browser plug‐ins. Flash cookies can be used for purposes similar to those for tracking cookies.