Protecting Personal Data: Can IT Security Management Standards Help?

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Giovanni Iachello

19th Annual Computer Security Applications Conference (ACSAC '03)

Protecting Personal Data: Can IT Security Management Standards Help?

Las Vegas, Nevada

December 08-December 12

ISBN: 0-7692-2041-3

	ASCII Text	x
	Giovanni Iachello, "Protecting Personal Data: Can IT Security Management Standards Help?," Computer Security Applications Conference, Annual, pp. 266, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003.

	BibTex	x
	@article{ 10.1109/CSAC.2003.1254331, author = {Giovanni Iachello}, title = {Protecting Personal Data: Can IT Security Management Standards Help?}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2003}, issn = {1063-9527}, pages = {266}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254331}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Protecting Personal Data: Can IT Security Management Standards Help? SN - 1063-9527 SP EP A1 - Giovanni Iachello, PY - 2003 KW - personal data protection KW - privacy KW - information security management KW - IS17799 KW - multilateral security KW - HIPAA VL - 0 JA - Computer Security Applications Conference, Annual ER -

Giovanni Iachello, Georgia Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254331

Compelled to improve information security by the introduction of personal data protection legislation, organizations worldwide are adopting standardized security management guidelines to inform their internal processes. This paper analyzes whether existing security management standards support process requirements for personal data management, drawing from experience with security policies in private organizations and through an analysis of current European and US legislation. Various aspects of personal data management not commonly addressed by security standards are identified, and a number of generally applicable enhancements are proposed to one common standard, IS17799. The appropriateness of including data protection guidelines in security standards is discussed, showing how these enhancements could simplify the definition of personal data management procedures in organizations.

Index Terms:

personal data protection, privacy, information security management, IS17799, multilateral security, HIPAA

Citation:

Giovanni Iachello, "Protecting Personal Data: Can IT Security Management Standards Help?," acsac, pp.266, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.