Security and Privacy in Information Management in a Distributed Environment for Public Organizations

Security and privacy problems in information management are evident in public organizations. The objective of this research is the analisys risks that these organizations run, since computer attacks have increased along with both internal and external threats. Causing information and database thefts, there are risk analysis methodologies which are oriented to the objective for the preservation of guaranteeing the security and privacy of the information. Were used the deductive method and exploratory research to analyze the articles in the references and in the information available online and MAGERIT methodology what protects the information in its integrity, confidentiality and availability guaranteeing the security of the system and processes of public organizations. It turned out a Control of Security and Privacy factors, Threat Probability, Risk Assessment Formula, Prototype of Risk Management for Public Organizations and Privacy and security factor formula. It was concluded that MAGERIT is an alternative what allow mitigate the vulnerabilitys, threat and risks its processes in public organizations for protecting their information.

Download Full-text

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

Future Internet ◽

10.3390/fi13020030 ◽

2021 ◽

Vol 13 (2) ◽

pp. 30

Author(s):

Dimitrios Papamartzivanos ◽

Sofia Anna Menesidou ◽

Panagiotis Gouvas ◽

Thanassis Giannetsos

Keyword(s):

Risk Assessment ◽

Impact Assessment ◽

Information And Communication Technologies ◽

Perfect Match ◽

Assessment Process ◽

Security And Privacy ◽

Full Potential ◽

Privacy Risk ◽

Privacy And Security ◽

Ict Infrastructure

As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., assistive healthcare domain) where strict security and privacy considerations are not only expected but mandated so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.

Download Full-text

Website Information Security and Privacy Concerns in 4IR: The Moderating Role of Trust in B2C e-Commerce

10.29007/jlq6 ◽

2019 ◽

Author(s):

Thabang Mofokeng

Keyword(s):

South Africa ◽

Customer Satisfaction ◽

Customer Loyalty ◽

Success Factors ◽

Industrial Revolution ◽

Emerging Market ◽

Security And Privacy ◽

Future Research ◽

Privacy And Security ◽

Customer Trust

The technology devices introduced in recent years are not only vulnerable to Internet risks but are also unable to elevate the growth of B2C e-commerce. These concerns are particularly relevant today, as the world transitions into the Fourth Industrial Revolution. To date, existing research has largely focused on obstacles to customer loyalty. Studies have tested e-commerce models guided by the establishment of trusting, satisfied and loyal consumers in various international contexts. In South Africa, however, as an emerging market, there has been limited research on the success factors of online shopping.This study examines the influence of security and privacy on trust, seen as a moderator of customer satisfaction, which in turn, has an effect on loyalty towards websites. Based on an exhaustive review of literature, a conceptual model is proposed on the relationships between security and privacy on the one hand, and customer trust, satisfaction and loyalty on the other. A total of 250 structured, self-administered questionnaires was distributed to a purposively selected sample of respondents using face-to-face surveys in Johannesburg, South Africa. A multivariate data analysis technique was used to draw inferences from the data. With an 80.1% response rate, the findings showed that privacy and security do influence customer trust; security strongly influences customer trust and weakly influences satisfaction. In South Africa, customer loyalty towards websites is strongly determined by satisfaction and weakly determined by trust. Trust significantly moderates the effect of customer satisfaction on loyalty. The study implications and limitations are presented and future research directions are suggested.

Download Full-text

Security and Privacy Requirements for Electronic Consent

ACM Transactions on Computing for Healthcare ◽

10.1145/3433995 ◽

2021 ◽

Vol 20 (2) ◽

pp. 1-24

Author(s):

Stef Verreydt ◽

Koen Yskout ◽

Wouter Joosen

Keyword(s):

Security And Privacy ◽

Inclusion Criteria ◽

Comprehensive Overview ◽

Privacy And Security ◽

Pubmed Central ◽

Privacy Requirements ◽

Development Lifecycle ◽

Main Challenge ◽

Security Challenges ◽

Server Systems

Electronic consent (e-consent) has the potential to solve many paper-based consent approaches. Existing approaches, however, face challenges regarding privacy and security. This literature review aims to provide an overview of privacy and security challenges and requirements proposed by papers discussing e-consent implementations, as well as the manner in which state-of-the-art solutions address them. We conducted a systematic literature search using ACM Digital Library, IEEE Xplore, and PubMed Central. We included papers providing comprehensive discussions of one or more technical aspects of e-consent systems. Thirty-one papers met our inclusion criteria. Two distinct topics were identified, the first being discussions of e-consent representations and the second being implementations of e-consent in data sharing systems. The main challenge for e-consent representations is gathering the requirements for a “valid” consent. For the implementation papers, many provided some requirements but none provided a comprehensive overview. Blockchain is identified as a solution to transparency and trust issues in traditional client-server systems, but several challenges hinder it from being applied in practice. E-consent has the potential to grant data subjects control over their data. However, there is no agreed-upon set of security and privacy requirements that must be addressed by an e-consent platform. Therefore, security- and privacy-by-design techniques should be an essential part of the development lifecycle for such a platform.

Download Full-text

Assessing Users’ Privacy and Security Concerns of Smart Home Technologies

i-com ◽

10.1515/icom-2019-0015 ◽

2019 ◽

Vol 18 (3) ◽

pp. 197-216 ◽

Cited By ~ 1

Author(s):

Verena Zimmermann ◽

Paul Gerber ◽

Karola Marky ◽

Leon Böck ◽

Florian Kirchbuchner

Keyword(s):

Smart Home ◽

Elderly Care ◽

Security And Privacy ◽

Structured Interviews ◽

Privacy And Security ◽

Privacy Concerns ◽

Private Lives ◽

Societal Level ◽

Home Users

AbstractSmart Home technologies have the potential to increase the quality of life, home security and facilitate elderly care. Therefore, they require access to a plethora of data about the users’ homes and private lives. Resulting security and privacy concerns form a relevant barrier to adopting this promising technology. Aiming to support end users’ informed decision-making through addressing the concerns we first conducted semi-structured interviews with 42 potential and little-experienced Smart Home users. Their diverse concerns were clustered into four themes that center around attacks on Smart Home data and devices, the perceived loss of control, the trade-off between functionality and security, and user-centric concerns as compared to concerns on a societal level. Second, we discuss measures to address the four themes from an interdisciplinary perspective. The paper concludes with recommendations for addressing user concerns and for supporting developers in designing user-centered Smart Home technologies.

Download Full-text

Risk Assessment Method for Balancing Safety, Security, and Privacy in Medical IoT Systems with Remote Maintenance Function

2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C) ◽

10.1109/qrs-c51114.2020.00040 ◽

2020 ◽

Author(s):

Ryoichi Sasaki

Keyword(s):

Risk Assessment ◽

Assessment Method ◽

Security And Privacy ◽

Remote Maintenance ◽

Risk Assessment Method

Download Full-text

A review on Privacy-Preserving Data Preprocessing

10.54216/jcim.040202 ◽

2020 ◽

pp. 16-30

Author(s):

Mukesh Soni ◽

◽

YashKumar Barot ◽

...

Keyword(s):

Health Care ◽

Information Security ◽

Social Insurance ◽

Disease Outbreaks ◽

Security And Privacy ◽

Health Care Information ◽

Privacy And Security ◽

Healthcare Data ◽

Security Issues ◽

Care Information

Health care information has great potential for improving the health care system and also providing fast and accurate outcomes for patients, predicting disease outbreaks, gaining valuable information for prediction in future, preventing such diseases, reducing healthcare costs, and improving overall health. In any case, deciding the genuine utilization of information while saving the patient's identity protection is an overwhelming task. Regardless of the amount of medical data it can help advance clinical science and it is essential to the accomplishment of all medicinal services associations, at the end information security is vital. To guarantee safe and solid information security and cloud-based conditions, It is critical to consider the constraints of existing arrangements and systems for the social insurance of information security and assurance. Here we talk about the security and privacy challenges of high-quality important data as it is used mainly by the healthcare structure and similar industry to examine how privacy and security issues occur when there is a large amount of healthcare information to protect from all possible threats. We will discuss ways that these can be addressed. The main focus will be on recently analyzed and optimized methods based on anonymity and encryption, and we will compare their strengths and limitations, and this chapter closes at last the privacy and security recommendations for best practices for privacy of preprocessing healthcare data.

Download Full-text

Privacy and Security Issues in Online Social Networks

Future Internet ◽

10.3390/fi10120114 ◽

2018 ◽

Vol 10 (12) ◽

pp. 114 ◽

Cited By ~ 14

Author(s):

Shaukat Ali ◽

Naveed Islam ◽

Azhar Rauf ◽

Ikram Din ◽

Mohsen Guizani ◽

...

Keyword(s):

Social Networks ◽

Online Social Networks ◽

Virtual Communities ◽

Service Providers ◽

Security And Privacy ◽

Security Issue ◽

Sensitive Data ◽

Privacy And Security ◽

Security Issues ◽

Social Sphere

The advent of online social networks (OSN) has transformed a common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also express themselves in online virtual communities to interact with other users of similar interests. However, OSN have turned the social sphere of users into the commercial sphere. This should create a privacy and security issue for OSN users. OSN service providers collect the private and sensitive data of their customers that can be misused by data collectors, third parties, or by unauthorized users. In this paper, common security and privacy issues are explained along with recommendations to OSN users to protect themselves from these issues whenever they use social media.

Download Full-text

Materialities between security and privacy: A constructivist account of airport security scanners

Security Dialogue ◽

10.1177/0967010615577855 ◽

2015 ◽

Vol 46 (4) ◽

pp. 326-344 ◽

Cited By ~ 16

Author(s):

Govert Valkenburg ◽

Irma van der Ploeg

Keyword(s):

Social Inequalities ◽

Security And Privacy ◽

Airport Security ◽

Privacy And Security ◽

Security Technologies ◽

Policy Choices ◽

Security Regime ◽

Security Problem ◽

Technical Issues ◽

The One

What concepts such as ‘security’ and ‘privacy’ mean in practice is not merely a matter of policy choices or value concepts, but is inherently tied up with the socio-material and technological arrangement of the practices in which they come to matter. In this article, one trajectory in the implementation of a security regime into the sociotechnical arrangement of airport security checking is reconstructed. During this trajectory, gradual modifications or ‘translations’ are performed on what are initially defined as the privacy and security problems. The notion of translation is used to capture the modifications that concepts undergo between different stages of the process: the initial security problem shifts, transforms and comes to be aligned with several other interests and values. We articulate how such translations take place in the material realm, where seemingly technical and natural-scientific givens take part in the negotiations. On the one hand, these negotiations may produce technologies that perform social inequalities. On the other hand, it is in this material realm that translations of problem definitions appear as simply technical issues, exempted from democratic governance. The forms of privacy and security that emerge in the end are thus specific versions with specific social effects, which do not follow in an obvious way from the generic, initial concepts. By focusing on problem definitions and their translations at various stages of the development, we explain how it is possible for potentially stigmatizing and privacy-encroaching effects to occur, even though the security technologies were introduced exactly to preclude those effects.

Download Full-text

Analysis of the Legal Basis to Mitigate Cyberbullying in Social Networks in Ecuador

Fuzzy Systems and Data Mining VI - Frontiers in Artificial Intelligence and Applications ◽

10.3233/faia200702 ◽

2020 ◽

Author(s):

Segundo Moisés Toapanta Toapanta ◽

Ingrid Lilibeth Tacuri López ◽

Luis Enrique Mafla Gallegos

Keyword(s):

Social Networks ◽

Critical Issue ◽

Exploratory Research ◽

Cyber Crime ◽

Not Given ◽

Legal Basis ◽

Judicial Process ◽

Applied Method ◽

Deductive Method ◽

Process Work

Cyberbullying is a critical issue in society worldwide, however in Ecuador is not given necessary importance to mitigate this cybercrime. It has been proposed to develop an exhaustive analysis of the laws that are currently considered to sanction cyberbullying when denouncing this fact. The deductive method and exploratory research were employed to make the analysis of the information consulted from the various sources that are obtained on the network about the topic discussed. The investigation revealed how cyberbullying cases arise, from which it is obtained that only 0.07% have been reported, with this result it can be deduced that the number of reported cases is very low in relation to the total number of cellphones activated in Ecuador and people who may be victims of this cyber-crime. In addition, a “Criminal Process Diagram” was obtained that determines the sequence of how the judicial process work. The applied method resulted the following: Can be created a law project that battles each type of derived cyberbullying. It was concluded that several institutions in Ecuador work together with organizations to prevent cyberbullying, however, when this happens, the laws are not enough to punish the act.

Download Full-text

Security and Privacy Risk Assessment of Energy Big Data in Cloud Environment

Computational Intelligence and Neuroscience ◽

10.1155/2021/2398460 ◽

2021 ◽

Vol 2021 ◽

pp. 1-11

Author(s):

Zhiru Li ◽

Wei Xu ◽

Huibin Shi ◽

Yuanyuan Zhang ◽

Yan Yan

Keyword(s):

Neural Network ◽

Risk Factors ◽

Risk Assessment ◽

Big Data ◽

Data Storage ◽

Bp Neural Network ◽

Security And Privacy ◽

Cloud Environment ◽

Privacy Risk ◽

Whole Life Cycle

Considering the importance of energy in our lives and its impact on other critical infrastructures, this paper starts from the whole life cycle of big data and divides the security and privacy risk factors of energy big data into five stages: data collection, data transmission, data storage, data use, and data destruction. Integrating into the consideration of cloud environment, this paper fully analyzes the risk factors of each stage and establishes a risk assessment index system for the security and privacy of energy big data. According to the different degrees of risk impact, AHP method is used to give indexes weights, genetic algorithm is used to optimize the initial weights and thresholds of BP neural network, and then the optimized weights and thresholds are given to BP neural network, and the evaluation samples in the database are used to train it. Then, the trained model is used to evaluate a case to verify the applicability of the model.

Download Full-text