This paper reviews a range of current MIS research literature to identify research topics in information security and privacy. Results of this study indicate IT security provides the basis of current research in the area of information security and privacy. The results of this study reveal limited research in this area, particularly at the organizational level. One conclusion is that this lack of research results from organizational unwillingness to share information and statistics on security. Another conclusion is that research is needed in the area of information privacy. One area of future research may be organizational privacy policies. Two particular areas of interest may be user perceptions of privacy policies and opt-in/opt-out policies and procedures. Additionally, research related to individuals’ concern for information privacy may be less problematic to study than organizational security issues. Research in this area is important because user concern for information privacy has the potential to affect the future of e-commerce.