security and data protection

Security refers to the range of administrative, technical and physical mechanisms that aim to preserve privacy and confidentiality, by restricting information access to authorized "knowers" for authorized purposes.

Computer and communications security efforts also have the goal of assuring the accuracy and timely availability of data for the legitimate user set, as well as promoting failure resistance in the electronic systems overall.

There is a tendency to focus on technical measures, such as encryption, when discussing information security. Relatively simple physical protections, such as restricting access to areas with computers, fax machines, etc., can be just as important.

Most important are the "administrative" (policy and procedural) efforts, from the rules about "who may see what" to details such as how userids and passwords are disseminated. Even the most sophisticated technical and physical measures will be defeated by bad practices.

As in physical contexts, increased information security raises costs. The explicit expense comes in outlays for additional computer and telecommunications hardware, associated software, and technically-trained personnel. The implicit cost stems from the time and inconvenience to legitimate users as they navigate across protective barriers (such as logging in and presenting passwords), and endure the strictures of security-enhancing administrative procedures.

The balance is in part an engineering question of costs and system capabilities given available technologies -- a balance which is ever shifting. It is also, fundamentally, a political question: How much privacy and confidentiality does a society or a particular organization in that society want? What will it "trade" for it?

Terms like privacy, confidentiality and security often bring more confusion than clarity, given the range of meanings in play. Accordingly, the label data protection has been coined to encompass the range of legal, regulatory and institutional mechanisms that guide collection, use and disclosure of information. (The term is more commonly used in Europe than in the US.)


Last modified: 12-May-2005 [RC]

 
 

   © 2002-2006 Contributing authors and University of Miami School of Medicine