ABSTRACT

Information security (often also somewhat less appropriately called “computer security”) involves protecting the con£- dentiality of data stored in computers and transmitted over networks, integrity of data, applications, systems, and network devices, and accessibility of data, applications, databases, systems, network services, and so forth (Bernstein et al. 1995). Information security professionals have also become increasingly interested in the goal of nonrepudiation or nondeniability, which means preventing individuals who have initiated electronic transactions from denying that they have done so, and auditability, which means ensuring that each user’s actions are recorded so that all users can be held accountable for their actions. “Privacy” refers to individuals being able to control what kinds of information is being collected about them, £nd out if this information is being suitably protected against unauthorized access, and being able to “opt out” if they do not want others to collect, process, and store this information.