A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

2017, Vol 2017, pp. 1-11
Author(s): Chalee Vorakulpipat, Soontorn Sirapaisan, Ekkachan Rattanalerdnusorn, Visut Savangsuk

Today, many organizations allow their employees to bring their own smartphones or tablets to work and to access the corporate network, which is known as bring your own device (BYOD). However, many such companies overlook potential security risks concerning privacy and confidentiality. This paper provides a review of existing literature concerning the preservation of privacy and confidentiality, with a focus on recent trends in the use of BYOD. This review spans a large spectrum of information security research, ranging from management (risk and policy) to technical aspects of privacy and confidentiality in BYOD. Furthermore, this study proposes a policy-based framework for preserving data confidentiality in BYOD. This framework considers a number of aspects of information security and corresponding techniques, such as policy, location privacy, centralized control, cryptography, and operating system level security, which have been omitted in previous studies. The main contribution is to investigate recent trends concerning the preservation of confidentiality in BYOD from the perspective of information security and to analyze the critical and comprehensive factors needed to strengthen data privacy in BYOD. Finally, this paper provides a foundation for developing the concept of preserving confidentiality in BYOD and describes the key technical and organizational challenges faced by BYOD-friendly organizations.

Author(s): Scott Bernard, Shuyuan Mary Ho

Government agencies are committing an increasing amount of resources to information security and data privacy solutions in order to meet legal and mission requirements for protecting agency information in the face of increasingly sophisticated global threats. Enterprise Architecture (EA) provides an agency-wide context and method that includes a security sub-architecture which can be used to design and implement effective controls. EA is scalable, which promotes consistency and alignment in controls at the enterprise, program, and system levels. EA also can help government agencies improve existing security and data privacy programs by enabling them to move beyond a system-level perspective and begin to promote an enterprise-wide view of security and privacy, as well as improve the agility and effectiveness of lifecycle activities for the development, implementation, and operation of related security and privacy controls that will assure the confidentiality, integrity, and availability of the agency’s data and information. This chapter presents the EA3 “Cube” EA methodology and framework, including an integrated security architecture, that is suitable for use by government agencies for the development of risk-adjusted security and privacy controls that are designed into the agency’s work processes, information flows, systems, applications, and network infrastructure.


2020, Vol 35 (3), pp. 214-231
Author(s): Daniel Pienta, Jason Bennett Thatcher, Allen Johnston

Whaling is one of the most financially damaging, well-known, effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (e.g. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and providing guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.


2013, Vol 457-458, pp. 1224-1227
Author(s): Jian Feng Hu, Zhen Dong Mu

Mobile equipment has now become a new platform for information exchange, and a lot of information is exchanged on it; how can the information security of the mobile platform be effectively protected? Research has shown that the EEG signal can be used as an identification tool that protects the user's information well. This paper studies how to use EEG to protect the information security of mobile devices; the EEG signal is feasible for mobile equipment identification.


2018, Vol 7 (11), pp. 442
Author(s): Mehrnaz Ataei, Auriol Degbelo, Christian Kray, Vitor Santos

An individual’s location data is very sensitive geoinformation. While its disclosure is necessary, e.g., to provide location-based services (LBS), it also facilitates deep insights into the lives of LBS users as well as various attacks on these users. Location privacy threats can be mitigated through privacy regulations such as the General Data Protection Regulation (GDPR), which was introduced recently and harmonises data privacy laws across Europe. While the GDPR is meant to protect users’ privacy, the main problem is that it does not provide explicit guidelines for designers and developers about how to build systems that comply with it. In order to bridge this gap, we systematically analysed the legal text, carried out expert interviews, and ran a nine-week-long take-home study with four developers. We particularly focused on user-facing issues, as these have received little attention compared to technical issues. Our main contributions are a list of aspects from the legal text of the GDPR that can be tackled at the user interface level and a set of guidelines on how to realise this. Our results can help service providers, designers and developers of applications dealing with location information from human users to comply with the GDPR.


Author(s): Ajaysinh Devendrasinh Rathod, Saurabh Shah, Vivaksha J. Jariwala

In recent trends, the growth of location based services has increased due to the large usage of cell phones, personal digital assistants and other devices, for example location based navigation, emergency services, location based social networking, location based advertisement, etc. Users are provided with important information based on the location given to the service provider, which results in the compromise of their personal information such as the user’s identity, location privacy etc. To achieve location privacy of the user, the cryptographic technique is one of the best techniques, which gives assurance. Location based services are classified as Trusted Third Party (TTP) and without Trusted Third Party that use cryptographic approaches. TTP free is one of the prominent approaches, in which it uses a peer-to-peer model. In this approach, important users mutually connect with each other to form a network to work without the use of any person/server. There are many existing approaches in the literature for privacy preserving location based services, but their solutions are high cost or do not support scalability. In this paper, our aim is to propose an approach along with algorithms that will help location based services (LBS) users to obtain location privacy with minimum cost and improved scalability.


2013, Vol 20 (1), pp. 75-76
Author(s): Barry Barber, Maureen Scholes, Michael Fairey, Jean Roberts

Author(s): Ch. Himabindu

The availability of realistic network data plays a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. Unfortunately, a host of technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help overcome these limitations, several data collection efforts (e.g., CRAWDAD [14], PREDICT [34]) have been established in the past few years. The key principle used in all of these efforts to assure low-risk, high-value data is that of trace anonymization: the process of sanitizing data before release so that potentially sensitive information cannot be extracted.


2018, Vol 26 (3), pp. 327-337
Author(s): Debi Ashenden

Purpose: The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research. Design/methodology/approach: The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey. Findings: The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought that the organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks. Research limitations/implications: The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation. Originality/value: The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.


Author(s): Stephen E. Fienberg, Aleksandra B. Slavković
