scholarly journals A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

2021 ◽  
Vol 13 (2) ◽  
pp. 30
Author(s):  
Dimitrios Papamartzivanos ◽  
Sofia Anna Menesidou ◽  
Panagiotis Gouvas ◽  
Thanassis Giannetsos
Keyword(s):  
Risk Assessment ◽  
Impact Assessment ◽  
Information And Communication Technologies ◽  
Perfect Match ◽  
Assessment Process ◽  
Security And Privacy ◽  
Full Potential ◽  
Privacy Risk ◽  
Privacy And Security ◽  
Ict Infrastructure

As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., assistive healthcare domain) where strict security and privacy considerations are not only expected but mandated so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.

scholarly journals Security and Privacy in Information Management in a Distributed Environment for Public Organizations

2020 ◽  
Author(s):  
Segundo Moisés Toapanta Toapanta ◽  
Yaritza Julieth Terán Terranova ◽  
Bertha Alice Naranjo Sánchez ◽  
Luis Enrique Mafla Gallegos
Keyword(s):  
Risk Assessment ◽  
Information Management ◽  
Public Organizations ◽  
Security And Privacy ◽  
Exploratory Research ◽  
Distributed Environment ◽  
Privacy And Security ◽  
External Threats ◽  
Deductive Method ◽  
Computer Attacks

Security and privacy problems in information management are evident in public organizations. The objective of this research is the analisys risks that these organizations run, since computer attacks have increased along with both internal and external threats. Causing information and database thefts, there are risk analysis methodologies which are oriented to the objective for the preservation of guaranteeing the security and privacy of the information. Were used the deductive method and exploratory research to analyze the articles in the references and in the information available online and MAGERIT methodology what protects the information in its integrity, confidentiality and availability guaranteeing the security of the system and processes of public organizations. It turned out a Control of Security and Privacy factors, Threat Probability, Risk Assessment Formula, Prototype of Risk Management for Public Organizations and Privacy and security factor formula. It was concluded that MAGERIT is an alternative what allow mitigate the vulnerabilitys, threat and risks its processes in public organizations for protecting their information.

scholarly journals Security and Privacy Risk Assessment of Energy Big Data in Cloud Environment

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Zhiru Li ◽  
Wei Xu ◽  
Huibin Shi ◽  
Yuanyuan Zhang ◽  
Yan Yan
Keyword(s):  
Neural Network ◽  
Risk Factors ◽  
Risk Assessment ◽  
Big Data ◽  
Data Storage ◽  
Bp Neural Network ◽  
Security And Privacy ◽  
Cloud Environment ◽  
Privacy Risk ◽  
Whole Life Cycle

Considering the importance of energy in our lives and its impact on other critical infrastructures, this paper starts from the whole life cycle of big data and divides the security and privacy risk factors of energy big data into five stages: data collection, data transmission, data storage, data use, and data destruction. Integrating into the consideration of cloud environment, this paper fully analyzes the risk factors of each stage and establishes a risk assessment index system for the security and privacy of energy big data. According to the different degrees of risk impact, AHP method is used to give indexes weights, genetic algorithm is used to optimize the initial weights and thresholds of BP neural network, and then the optimized weights and thresholds are given to BP neural network, and the evaluation samples in the database are used to train it. Then, the trained model is used to evaluate a case to verify the applicability of the model.

scholarly journals The Development of Learning Regions in New Zealand: An ICT Perspective

2021 ◽  
Author(s):  
◽  
Janet Mary Toland
Keyword(s):  
Social Networks ◽  
New Zealand ◽  
Information And Communication Technologies ◽  
Local Community ◽  
Full Potential ◽  
Quality Of Information ◽  
Regional Area ◽  
Learning Region ◽  
Ict Infrastructure

<p>The term "Learning Region" is used to identify a region which is innovative, economically successful, and inhabited by citizens who are active members of their local community. Such regions are characterised by strong links between local businesses, community groups, and education providers. Within a regional area interaction and exchange of information is easier and cheaper than in a national or international context. The success of an individual organisation is directly related to the quality of information available locally. Information technology can be an important tool in improving the flow of knowledge between the stakeholders within a region. The study examines the role that information and communication technologies (ICTs) play in the development of learning regions in New Zealand, and how they can be used to improve the quality of information flows both within the region itself, and between the region and the outside world. In particular the research considers what contribution ICTs make to organisational learning and innovation. Historical methods are used to build up a picture of the significant changes that have taken place within two contrasting regions of New Zealand between 1985 and 2005. The two selected regions are Southland and Wellington. Data was collected by searching regional newspapers, and conducting interviews with key figures in each region. A "6-I" framework of the "ideal" features of a learning region was developed from the literature review and this was used to analyse the data. The findings show a clear linear progression in terms of the development of hard ICT based networks, but a less clear pattern in terms of soft social networks where the same issues were revisited a number of times over the years. Though there was evidence of a relationship between the soft networks that existed at the regional level and the utilisation of hard ICT networks within a region it was difficult to quantify. Hard and soft networks evolve differently over time and the relationship between the two is nuanced. Both regions were successful in setting up high quality ICT networks. However, with the exception of the education sector, both regions struggled to co-ordinate their soft networks. Though good social capital existed in each region, especially in Southland, it was located in different interest groups and was not easy to bring together. This lack of co-ordination meant that the possibilities opened up by ICT infrastructure in terms of increasing innovation were not fully realised. Both regions demonstrated many of the characteristics of learning regions but neither region was able to bring all aspects together to reach their full potential. The thesis demonstrates the important role that soft social networks play in the successful utilisation of ICT networks within a regional setting.</p>

scholarly journals The Development of Learning Regions in New Zealand: An ICT Perspective

2021 ◽  
Author(s):  
◽  
Janet Mary Toland
Keyword(s):  
Social Networks ◽  
New Zealand ◽  
Information And Communication Technologies ◽  
Local Community ◽  
Full Potential ◽  
Quality Of Information ◽  
Regional Area ◽  
Learning Region ◽  
Ict Infrastructure

<p>The term "Learning Region" is used to identify a region which is innovative, economically successful, and inhabited by citizens who are active members of their local community. Such regions are characterised by strong links between local businesses, community groups, and education providers. Within a regional area interaction and exchange of information is easier and cheaper than in a national or international context. The success of an individual organisation is directly related to the quality of information available locally. Information technology can be an important tool in improving the flow of knowledge between the stakeholders within a region. The study examines the role that information and communication technologies (ICTs) play in the development of learning regions in New Zealand, and how they can be used to improve the quality of information flows both within the region itself, and between the region and the outside world. In particular the research considers what contribution ICTs make to organisational learning and innovation. Historical methods are used to build up a picture of the significant changes that have taken place within two contrasting regions of New Zealand between 1985 and 2005. The two selected regions are Southland and Wellington. Data was collected by searching regional newspapers, and conducting interviews with key figures in each region. A "6-I" framework of the "ideal" features of a learning region was developed from the literature review and this was used to analyse the data. The findings show a clear linear progression in terms of the development of hard ICT based networks, but a less clear pattern in terms of soft social networks where the same issues were revisited a number of times over the years. Though there was evidence of a relationship between the soft networks that existed at the regional level and the utilisation of hard ICT networks within a region it was difficult to quantify. Hard and soft networks evolve differently over time and the relationship between the two is nuanced. Both regions were successful in setting up high quality ICT networks. However, with the exception of the education sector, both regions struggled to co-ordinate their soft networks. Though good social capital existed in each region, especially in Southland, it was located in different interest groups and was not easy to bring together. This lack of co-ordination meant that the possibilities opened up by ICT infrastructure in terms of increasing innovation were not fully realised. Both regions demonstrated many of the characteristics of learning regions but neither region was able to bring all aspects together to reach their full potential. The thesis demonstrates the important role that soft social networks play in the successful utilisation of ICT networks within a regional setting.</p>

scholarly journals Automated Cyber and Privacy Risk Management Toolkit

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5493
Author(s):  
Gustavo Gonzalez-Granadillo ◽  
Sofia Anna Menesidou ◽  
Dimitrios Papamartzivanos ◽  
Ramon Romeu ◽  
Diana Navarro-Llobet ◽  
...  
Keyword(s):  
Risk Assessment ◽  
Risk Management ◽  
Impact Assessment ◽  
Software Tools ◽  
Internet Security ◽  
Healthcare Organisation ◽  
Privacy Risk ◽  
Case Scenario ◽  
Privacy Risks ◽  
Cyber Risk

Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (Automated Cyber and Privacy Risk Management Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit in the academic literature that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.

scholarly journals GEOINFO: impactos sociais do repositório de dados de pesquisa da EMBRAPA

2020 ◽  
pp. 145-149
Author(s):  
Daniela Maciel Pinto ◽  
Geraldo Stachetti Rodrigues ◽  
Gustavo Spadotti Amaral Castro ◽  
Gisele Vilela Freitas ◽  
Angelo Mansur Mendes ◽  
...  
Keyword(s):  
Impact Assessment ◽  
Information And Communication Technologies ◽  
Information Science ◽  
Science Studies ◽  
Agricultural Research ◽  
Research Data ◽  
Social Dimension ◽  
Assessment Process ◽  
Data Repositories ◽  
The Impact

GeoInfo is a repository that provides the spatial research data generated by the Brazilian Agricultural Research Corporation (EMBRAPA) to understand the dynamics of agriculture in Brazilian territory. Considering the efforts required for the implantation and institutionalization of the repository, the absence of Information Science studies related to the investigation of the impact of the uses made from the data and information made available in research data repositories, as well as the impact assessment process used by EMBRAPA since 1989, it is opportune to investigate the impact of the repository for its target audience, that is, geoscience specialists. Thus, the objective of this work is to present the results of an impact assessment carried out with GeoInfo, based on the “Ambitec-TICs: Module of criteria and impact indicators for Information and Communication Technologies”, specifically for the social dimension, existing at Ambitec-TICs

scholarly journals A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research

2021 ◽  
Vol 28 (6) ◽  
pp. 1-50
Author(s):  
Verena Distler ◽  
Matthias Fassl ◽  
Hana Habib ◽  
Katharina Krombholz ◽  
Gabriele Lenzini ◽  
...  
Keyword(s):  
Literature Review ◽  
Systematic Literature Review ◽  
Human Subjects ◽  
Security And Privacy ◽  
Empirical Methods ◽  
Privacy Risk ◽  
Privacy And Security ◽  
Security Research ◽  
Human Participants ◽  
Risk Representation

Usable privacy and security researchers have developed a variety of approaches to represent risk to research participants. To understand how these approaches are used and when each might be most appropriate, we conducted a systematic literature review of methods used in security and privacy studies with human participants. From a sample of 633 papers published at five top conferences between 2014 and 2018 that included keywords related to both security/privacy and usability, we systematically selected and analyzed 284 full-length papers that included human subjects studies. Our analysis focused on study methods; risk representation; the use of prototypes, scenarios, and educational intervention; the use of deception to simulate risk; and types of participants. We discuss benefits and shortcomings of the methods, and identify key methodological, ethical, and research challenges when representing and assessing security and privacy risk. We also provide guidelines for the reporting of user studies in security and privacy.

scholarly journals DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

2020 ◽  
Vol 12 (5) ◽  
pp. 93
Author(s):  
Jane Henriksen-Bulmer ◽  
Shamal Faily ◽  
Sheridan Jeary
Keyword(s):  
Risk Assessment ◽  
Decision Making ◽  
Data Protection ◽  
Cyber Physical Systems ◽  
Mitigation Strategies ◽  
Assessment Process ◽  
Privacy Risk ◽  
Physical Systems ◽  
General Data Protection Regulation ◽  
Privacy Risks

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions.

Sign in / Sign up

Export Citation Format

Share Document