Abstract
In the age of big data, safeguarding personal data has become paramount to the responsible and trusted processing of information. Parallel to the discussion revolving around the power hidden behind data, rising concerns regarding the dangers of large-scale data processing have likewise taken the spotlight. At the center of this debate often arises the intertwined topics of security and privacy as the two main pillars of defense against breaches of personal information. Due to their nature, they often need clarification as their boundaries are still blurry. This misunderstanding can lead to ineffective security and privacy practices, resulting in increased risks to organizations and individuals. To solve this, the question then becomes: What is the relationship between security and privacy? Although this may be naively answered by citing the differing definitions of the two concepts - which is not as trivial due to privacy being quite challenging to define - the question begs a deeper investigation. Research has revealed that security is often conflated with privacy and vice versa. Nevertheless, while closely related, they are not the same; moreover, they cannot and should not be treated as such. This thesis builds upon the hypothesis that the relationship between security and privacy depends on the specific topic: While there are synergies in some areas, they sometimes have conflicting requirements or no overlap at all. The core of this thesis aims to paint a broad picture of the relationship between security and privacy in practice. Moreover, this thesis explores those areas of overlap and then further differentiates them between possible synergies and conflicts. Going one step further, the relationship between security and privacy might place the two notions at odds. Powerful technologies, such as Privacy-Enhancing Technologies (PETs), boast strict privacy guarantees to the point where security measures may become obsolete based on the nature of the data in question. Can this be the case in practice? After answering this, these results may be used as a basis for further research, e.g., to further analyze which PETs might replace or support traditional information security measures. This could lead to more straightforward and cost-effective security and privacy practices, which in turn might enhance the protection of personal information and increase security and privacy in general.
Research Questions:
Q1: What are the definitions of security and privacy, and how are these concepts related in theory?
Q2: From the viewpoint of information security experts, how do the concepts of security and privacy overlap in practice, and what are possible conflicting requirements or synergies?
Q3: To what extent can PETs fulfill information security requirements to replace information security measures in certain areas?
Name | Type | Size | Last Modification | Last Editor |
---|---|---|---|---|
230619 Felix Thorwächter Bachelor’s Thesis Kick Off.pdf | 2,60 MB | 19.06.2023 | ||
230915 Bachelor Thesis Felix Thorwächter.pdf | 2,12 MB | 14.09.2023 | ||
230925 Felix Thorwächter Bachelor’s Thesis Final Presentation.pdf | 3,30 MB | 28.09.2023 |