Separating the Siamese twins: a proposed methodology for differentiating between privacy and security.

Security and privacy have become major issues. Although no one seriously claims that privacy and security are identical, most sources treat them as if they are. Differentiating between privacy and security is essential, for example, in those situations where there is a trade-off between the two concepts, or when a regulator imposes rules concerning privacy or security or both. Moreover, differentiation can support the selection of proper means of defence. Therefore, there is a gap between the need to differentiate and the availability of an appropriate methodology to do so. This article introduces a robust methodology for differentiating between privacy and security, based on four basic components: the target of the attack, the nature of the cost, the presence of a trade-off, and the existence of consent. Since many situations involve both privacy and security, the methodology ranks their level independently. The research addresses several goals: alignment with the prevalent definitions and concepts in the literature; achieving objectivity; and a non-dichotomous classification. The application of this methodology was demonstrated in an empirical study with $n = 155$ n = 155 valid participants. The empirical study indicated significant differences between intuitive classification and methodology-based classification, thereby emphasising the need for this methodology. [ABSTRACT FROM AUTHOR]