Hang tight while we fetch the video data and transcripts. This only takes a moment.
Connecting to YouTube player…
Fetching transcript data…
We’ll display the transcript, summary, and all view options as soon as everything loads.
Next steps
Loading transcript tools…
Security vs. Privacy | IBM Technology | YouTubeToText
YouTube Transcript: Security vs. Privacy
Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.
Share:
Video Transcript
Video Summary
Summary
Core Theme
The core theme is the distinction and relationship between security and privacy, emphasizing that while security protects organizational assets, privacy focuses on individual rights concerning their data, and that true privacy relies on a foundation of robust security.
if you aren't paying for it you are the
product not the
customer that's true in almost
everything think about your social media
go ahead and try to call customer
support do you know the number I'll give
you a minute to look it up okay you
can't find it you know why you didn't
pay for it that means you are in fact
their product and products don't get to
call customer support so are you getting
a good deal as a product of for this
free service that's what you have to
decide and that's a question of privacy
and are is that organization giving you
enough value for the information you're
giving to them and how they're
monetizing that and in particular do
they have the security mechanisms in
place in order to ensure that privacy
security and privacy are really
important in all of this what's the
relationship between the two sometimes
people use the terms interchangeably are
they the same thing are they different
are they at opposite ends of the
spectrum let's take a look at that in
this video and understand the
relationship between security and
privacy okay let's take a look at this
relationship between security and
privacy and see what we can learn so
let's look at a number of different
factors here first of all the principles
that are involved in security versus
privacy well in security as you've if
you've seen my videos before I do a lot
of talking about this thing called the
CIA Triad where its
confidentiality its Integrity uh and its
availability and these are the three
things that we're doing in security all
the time we're trying to make sure that
only authorized people can read
sensitive data we're trying to make sure
that the data has not been modified that
it has integrity and we're trying to
make sure that the system is up and
available to the people who are supposed
to have access to it so CIA
confidentiality integrity and availability
availability
that's the concern of security privacy
also adds to that uh some other factors
things like notice in other words if I'm
going to be using your data I should let
you know about that and I should make
sure that you provide consent you agree
to my use of the data and that it's
informed consent not just one of those
things where we've got thousands and
thousands of words and you can't read
through it or understand on the
agreement you just say yes please take
me through but real informed consent
that's what would be involved in real
privacy told you what I'm going to use
your data for you've agreed to it and
then that there is
transparency in the system in other
words I want to make sure that uh the
way the data gets used is in fact
verifiable and these are the kinds of
things that add to your confidence and
add to your sense of privacy in a system
how about the Target in other words what
would an attacker be after
that we're trying to guard against from
a security standpoint well it would be
digital crown jewels it would be things
like intellectual property that the
organization has like patents or plans
or things like that uh business plans as
I just mentioned uh it could be pricing
could be customer databases this kind of
stuff that's what we're really focused
on from a security standpoint typically
with organizations now over here on this
side what are the things from a privacy
standpoint well uh we're going to be
looking at things like personal health
information uh or personally
identifiable information your name your
address uh your date of birth your
social security number national ID
number uh credit card numbers things
like that uh these could all be part of
what we're trying to guard against in
terms of privacy now let's take a look
at threat actors so who are the people
we're trying to guard against over here
well we've got these bad guys these
attackers and they want to try to get
into the system so it's basically
hackers that we're concerned with we
tend to think of them as Outsiders they
could be inside attackers but in in
other words these are the attackers that
we see over here on the Privacy side not
only do we have the threat that of
hackers that I just mentioned from a
security standpoint but in fact we could
even experience an attack from within
the organization that is collecting all
of our information so that company
that's collecting all that information
how are they using your information
they could in fact be the bad actor if
we're not careful if these policies and
procedure are not really followed well
how about regulations well there are
industrywide regulations and it depends
on what Market what industry you're in
as to what regulations will apply to you
but in particular uh for instance the
credit card payment system PCI pedit
card uh the payment card industry data
security standard is a well-known global
standard that must be followed if
organizations are going to process ped
uh credit cards some other things uh a
us specific example sarbanes Oxley is
something that involves companies that
are publicly traded and that their
information has to be secure and
verified there are a lot of other
examples now how about regulations on
this other side on privacy well in
Europe in particular there's the
generalized data protection regulation
gdpr and I say in Europe but in fact it
affects companies all around the world
uh you should talk to your lawyers to
find out whether you are subject to this
but I'll just say just because your
organization doesn't operate in Europe
doesn't mean you're free from from the
the responsibilities of gdpr and they
are extensive and the penalties are
extensive for instance one of the things
gdpr in uh introduces is the right to be
forgotten that is all of my information
that I've given this organization if I
later change my mind and say pretend I
never was here forget you ever knew me
they have to get rid of that and all the
people they've shared it with have to be
able to do the same thing that's not
necessarily an easy thing to do uh We've
also got things like in the US uh the
Hippa uh the health information
portability uh act don't remember the
full acronym but that's what it's about
health information and trying to
preserve that there are other examples
but you see that there regulations on
both sides of this
equation now what's the primary target
of the attacker over here on this side
when we're dealing with a security case well
well
it's basically the business trying to
look out for their own bottom line
they're trying to make sure that their
information is not stolen that puts them
out of business and that the their
competitors don't have their information
and things like that so they're looking
to maintain operations however over here
on this side the privacy side of this
the real primary concern is in fact the
individual in other words I'm concerned
about my privacy the business may not be
as concerned about my privacy they're
concerned about security so it tends to
be that businesses need security and
individuals need privacy but hopefully
you have understood from looking at this
that there is a relationship between the
two of these and in fact security is the
Baseline that we need need and we build
privacy on top of that so it's not
security versus privacy it's Security
Plus privacy because I can't have these
things if I don't have these
things so let's take a look at a couple
of different business models when it
comes to security and privacy so one
model is basically this it's your data
equals our business what does that end
up looking like well you've got some
person here and they're going to send
their data into a service again this
could be social media this could be an
e-commerce site it could be a lot of
different things they send their data in
but then this organization also
interacts with other organizations and
they forward that data to a lot of these
other organizations why do they do that
well because they're getting money back
in each one of these cases so in that
case your data that you're putting in
you're paying nothing for this but
they're monetizing Ing and being able to
pay for this on the back end by selling
your data to other organizations so
that's the your data is our business and
uh not so good for this guy unless he's
fully aware of everything that's
happening in that case now another
business model is basically this your
data equals your data in this case our
user sends their data into a service of
some sort that service uses the
information but doesn't send it on so
how are they able to support their
business well it's because you're also
having to probably pay for that so
you're putting something in but in
exchange it's your data remains your
data the bottom line is Enlighten
businesses understand that protecting
customer privacy is in their best
interest even if they have this type of
model they still should follow
procedures and policies that protect the
user's information because as you from
this security and privacy are very
important both to the business and to
users and enlightened businesses realize
they need
both if you like this video and want to
see more like it please like And
subscribe if you have any questions or
want to share your thoughts about this
Click on any text or timestamp to jump to that moment in the video
Share:
Most transcripts ready in under 5 seconds
One-Click Copy125+ LanguagesSearch ContentJump to Timestamps
Paste YouTube URL
Enter any YouTube video link to get the full transcript
Transcript Extraction Form
Most transcripts ready in under 5 seconds
Get Our Chrome Extension
Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.
