Journal articles on the topic 'Data Privacy and Security Policies'


Consult the top 50 journal articles for your research on the topic 'Data Privacy and Security Policies.'


1

Rosenfeld, Lisa, John Torous, and Ipsit V. Vahia. "Data Security and Privacy in Apps for Dementia: An Analysis of Existing Privacy Policies." American Journal of Geriatric Psychiatry 25, no. 8 (August 2017): 873–77. http://dx.doi.org/10.1016/j.jagp.2017.04.009.

2

Sipes, Elizabeth Kemery, Joshua James, and David Zetoony. "Current data security issues for financial services firms." Journal of Investment Compliance 17, no. 3 (September 5, 2016): 55–59. http://dx.doi.org/10.1108/joic-07-2016-0034.

Abstract:
Purpose To provide a roadmap for financial services firms in designing some key policies and procedures relating to their cybersecurity programs, including document retention policies, creating incident response plans, and starting or evaluating a bounty program. Design/methodology/approach This article is divided into three parts: how to design a document retention policy, how to draft an effective incident response plan, data privacy considerations for starting or evaluating a bounty program. The information is presented in narrative form as well as through a series of practical checklists, questions for consideration and tables to represent data collected from other sources or analyzed by the authors. Findings This article identifies best practices for data security with respect to document retention policies, incident response plans and bounty programs. Originality/value This article includes practical guidance regarding document retention policies, incident response plans and bounty programs from lawyers with experience in data privacy and security, investment management and fund formation. This information is of value to financial services firms, which face potential financial implications and increasing regulatory ramifications, including enforcement actions, fines and penalties, for the failure to adopt tailored cybersecurity programs.
3

Chigona, W. "Synchronised smart phones: The collision of personal privacy and organisational data security." South African Journal of Business Management 43, no. 2 (June 29, 2012): 31–40. http://dx.doi.org/10.4102/sajbm.v43i2.181.

Abstract:
The purpose of this study was to explore the organisational and individual motivations for incorporating personally-owned smart phones into the workplace and challenges arising from use; privacy and data security concerns of involved parties in the organisation. This study uses exploratory case study method and investigates privacy and security regarding personally-owned smart-phone usage in workplace. The study found that convenience, ease of use and access to emails were motives behind employees’ use of personal smart phones in the workplace. Further, employees have higher privacy expectation. The sample for this study was too small to provide statistically meaningful results. Further research is needed to cover a larger case study spanning multiple organisations in other sectors. Mobile devices are creating challenges to organisational data security and employees’ right to information privacy. This study suggests that organisations need to reconsider data security and employees’ privacy policies to address possible conflict between data security and employees’ privacy.
4

Gao, Lei, and Alisa G. Brink. "A Content Analysis of the Privacy Policies of Cloud Computing Services." Journal of Information Systems 33, no. 3 (July 1, 2018): 93–115. http://dx.doi.org/10.2308/isys-52188.

Abstract:
Cloud computing is increasingly popular across all sectors and offers users unparalleled scalability, elasticity, and flexibility. However, the rapid transition toward cloud computing has raised privacy and confidentiality concerns. Cloud service providers can access users' data, and private information may be accidentally or deliberately disclosed or used for unauthorized purposes. Privacy policies are intended to provide users with information about privacy practices and their privacy options. This study performs content analysis of the privacy policies of 47 cloud service providers who offer services to business users. This analysis identifies what information is collected and why, to whom the information is disclosed, and what measures are in place for data security, data retention, and data complaints. Additionally, we investigate the readability, uncertainty language, and linguistic tone of cloud service privacy policies. Our results offer implications for cloud service users, providers, and policymakers, and provide directions for future research. Data Availability: Data are available upon request.
5

O'Loughlin, Kristen, Martha Neary, Elizabeth C. Adkins, and Stephen M. Schueller. "Reviewing the data security and privacy policies of mobile apps for depression." Internet Interventions 15 (March 2019): 110–15. http://dx.doi.org/10.1016/j.invent.2018.12.001.

6

Joshi, Anupam, Tim Finin, Lalana Kagal, Jim Parker, and Anand Patwardhan. "Security policies and trust in ubiquitous computing." Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 366, no. 1881 (July 31, 2008): 3769–80. http://dx.doi.org/10.1098/rsta.2008.0142.

Abstract:
Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.
7

Shetty, Nisha P., Balachandra Muniyal, and Saleh Mowla. "Policy resolution of shared data in online social networks." International Journal of Electrical and Computer Engineering (IJECE) 10, no. 4 (August 1, 2020): 3767. http://dx.doi.org/10.11591/ijece.v10i4.pp3767-3776.

Abstract:
Online social networks have practically become a go-to source for information divulging, social exchanges and finding new friends. The popularity of such sites is so profound that they are widely used by people belonging to different age groups and various regions. Widespread use of such sites has given rise to privacy and security issues. This paper proposes a set of rules to be incorporated to safeguard the privacy policies of related users while sharing information and other forms of media online. The proposed access control network takes into account the content sensitivity and confidence level of the accessor to resolve the conflicting privacy policies of the co-owners.
8

Shahid, Arsalan, Thien-An Ngoc Nguyen, and M.-Tahar Kechadi. "Big Data Warehouse for Healthcare-Sensitive Data Applications." Sensors 21, no. 7 (March 28, 2021): 2353. http://dx.doi.org/10.3390/s21072353.

Abstract:
Obesity is a major public health problem worldwide, and the prevalence of childhood obesity is of particular concern. Effective interventions for preventing and treating childhood obesity aim to change behaviour and exposure at the individual, community, and societal levels. However, monitoring and evaluating such changes is very challenging. The EU Horizon 2020 project “Big Data against Childhood Obesity (BigO)” aims at gathering large-scale data from a large number of children using different sensor technologies to create comprehensive obesity prevalence models for data-driven predictions about specific policies on a community. It further provides real-time monitoring of the population responses, supported by meaningful real-time data analysis and visualisations. Since BigO involves monitoring and storing of personal data related to the behaviours of a potentially vulnerable population, the data representation, security, and access control are crucial. In this paper, we briefly present the BigO system architecture and focus on the necessary components of the system that deals with data access control, storage, anonymisation, and the corresponding interfaces with the rest of the system. We propose a three-layered data warehouse architecture: The back-end layer consists of a database management system for data collection, de-identification, and anonymisation of the original datasets. The role-based permissions and secured views are implemented in the access control layer. Lastly, the controller layer regulates the data access protocols for any data access and data analysis. We further present the data representation methods and the storage models considering the privacy and security mechanisms. The data privacy and security plans are devised based on the types of collected personal, the types of users, data storage, data transmission, and data analysis. 
We discuss in detail the challenges of privacy protection in this large distributed data-driven application and implement novel privacy-aware data analysis protocols to ensure that the proposed models guarantee the privacy and security of datasets. Finally, we present the BigO system architecture and its implementation that integrates privacy-aware protocols.
9

Fu, Tao. "China’s personal information protection in a data-driven economy: A privacy policy study of Alibaba, Baidu and Tencent." Global Media and Communication 15, no. 2 (May 27, 2019): 195–213. http://dx.doi.org/10.1177/1742766519846644.

Abstract:
By examining the privacy policies of leading Chinese Internet and information service providers (IISPs), this study found their privacy policies to be generally compliant with China’s personal information protection provisions. These IISPs use proper mechanisms showing their commitment, measures and enforcement to data security, but their Fair Information Practices need improvement. Personal information protection in China is severe. Privacy policies offer more ‘notice’ than they do ‘choice’. Chinese IISPs collect and use information extensively in the guise of providing value to users, but have given insufficient consideration to transborder data flows and change of ownership. Societal and technological mechanisms have not been widely sought.
10

Dean, Matthew D., Dinah M. Payne, and Brett J. L. Landry. "Data mining: an ethical baseline for online privacy policies." Journal of Enterprise Information Management 29, no. 4 (July 11, 2016): 482–504. http://dx.doi.org/10.1108/jeim-04-2014-0040.

Abstract:
Purpose – The purpose of this paper is to advocate for and provide guidance for the development of a code of ethical conduct surrounding online privacy policies, including those concerning data mining. The hope is that this research generates thoughtful discussion on the issue of how to make data mining more effective for the business stakeholder while at the same time making it a process done in an ethical way that remains effective for the consumer. The recognition of the privacy rights of data mining subjects is paramount within this discussion. Design/methodology/approach – The authors derive foundational principles for ethical data mining. First, philosophical literature on moral principles is used as the theoretical foundation. Then, using existing frameworks, including legislation and regulations from a range of jurisdictions, a compilation of foundational principles was derived. This compilation was then evaluated and honed through the integration of stakeholder perspective and the assimilation of moral and philosophical precepts. Evaluating a sample of privacy policies hints that current practice does not meet the proposed principles, indicating a need for changes in the way data mining is performed. Findings – A comprehensive framework for the development a contemporary code of conduct and proposed ethical practices for online data mining was constructed. Research limitations/implications – This paper provides a configuration upon which a code of ethical conduct for performing data mining, tailored to meet the particular needs of any organization, can be designed. Practical implications – The implications of data mining, and a code of ethical conduct regulating it, are far-reaching. Implementation of such principles serve to improve consumer and stakeholder confidence, ensure the enduring compliance of data providers and the integrity of its collectors, and foster confidence in the security of data mining. 
Originality/value – Existing legal mandates alone are insufficient to properly regulate data mining, therefore supplemental reference to ethical considerations and stakeholder interest is required. The adoption of a functional code of general application is essential to address the increasing proliferation of apprehension regarding online privacy.
11

Alsulbi, Khalil Ahmad, Maher Ali Khemakhem, Abdullah Ahamd Basuhail, Fathy Eassa Eassa, Kamal Mansur Jambi, and Khalid Ali Almarhabi. "A Proposed Framework for Secure Data Storage in a Big Data Environment Based on Blockchain and Mobile Agent." Symmetry 13, no. 11 (October 21, 2021): 1990. http://dx.doi.org/10.3390/sym13111990.

Abstract:
The sum of Big Data generated from different sources is increasing significantly with each passing day to the extent that it is becoming challenging for traditional storage methods to store this massive amount of data. For this reason, most organizations have resolved to use third-party cloud storage to store data. Cloud storage has advanced in recent times, but it still faces numerous challenges with regard to security and privacy. This paper discusses Big Data security and privacy challenges and the minimum requirements that must be provided by future solutions. The main objective of this paper is to propose a new technical framework to control and manage Big Data security and privacy risks. A design science research methodology is used to carry out this project. The proposed framework takes advantage of Blockchain technology to provide secure storage of Big Data by managing its metadata and policies and eliminating external parties to maintain data security and privacy. Additionally, it uses mobile agent technology to take advantage of the benefits related to system performance in general. We present a prototype implementation for our proposed framework using the Ethereum Blockchain in a real data storage scenario. The empirical results and framework evaluation show that our proposed framework provides an effective solution for secure data storage in a Big Data environment.
12

Sharma, Gaurav, Urvashi Garg, A.P, Arun Jain, A.P, and Loveleena Mukhija, A.P. "Cloud Computing : Security Issues And Resource Allocation Policies." International Journal of Advanced Research in Computer Science and Software Engineering 7, no. 7 (July 30, 2017): 176. http://dx.doi.org/10.23956/ijarcsse/v7i7/0116.

Abstract:
Cloud computing is the combination of distributed computing, grid computing and parallel technologies which define the shape of a new era. In this technology client data is stored and maintained in the data center of a cloud provider like Google, Amazon and Microsoft etc. It has inherited the legacy technology and includes unique ideas. Industries, such as education, banking and healthcare are moving towards the cloud due to the efficiency of services such as transactions carried out, processing power used, bandwidth consumed, data transferred etc. There are various challenges for adopting cloud computing such as privacy, interoperability, managed service level agreement (SLA) and reliability. In this paper we survey challenges in resources allocation and the security issues of the cloud environment.
13

Liu, Kaijun, Guoai Xu, Xiaomei Zhang, Guosheng Xu, and Zhangjie Zhao. "Evaluating the Privacy Policy of Android Apps: A Privacy Policy Compliance Study for Popular Apps in China and Europe." Scientific Programming 2022 (August 23, 2022): 1–15. http://dx.doi.org/10.1155/2022/2508690.

Abstract:
Recently, with the increase in the market share of the Android system and the sharp increase in the number of Android mobile apps, many countries and regions have successively launched laws and regulations related to data security. The EU’s GDPR and China’s Information Security Technology-Personal Information Security Specification are two of the most important bills, affecting vast areas and large populations. Both regulations impose requirements on privacy policy specifications for Android apps. With these requirements, however, apps’ privacy policies have become larger. Researchers have conducted studies on whether the actual privacy behavior of apps conforms to their privacy policy description but have not focused on compliance with the privacy policy itself. In this paper, we propose evaluation metrics for privacy policy compliance and evaluate popular apps by analyzing privacy policies and apps. We applied our method to 1,000 apps from the Google Play Store in Europe and 1,000 apps from the Tencent Appstore in China. We detected a number of app privacy policy noncompliance issues and discovered a number of privacy issues with third-party services and third-party libraries.
14

Romero Torres, Alberto de Jesús. "Challenges in security and privacy in wireless communications." Revista de Jóvenes Investigadores Ad Valorem 4, no. 2 (December 15, 2021): 74–81. http://dx.doi.org/10.32997/rjia-vol.4-num.2-2021-3701.

Abstract:
This Research Review Paper highlights some of the main concepts of Wireless Communication including Network Security, Privacy, and Transmission Control Protocol/Internet Protocol (TCP/IP). In equal manner, it illustrates the organizational importance to establish more effective policies to counterattack and prevent cyber-attacks and reduce cyber threats. Therefore, avoiding the financial cost occasioned by hackers and the physical harm that could be caused to an individual by the sensitive data shared via technological devices to the internet without permission.
15

Faraz, Syed Hassan, Syed Hassan Tanvir, and Saqib Saeed. "A Study on Privacy and Security Aspects of Facebook." International Journal of Technology Diffusion 3, no. 4 (October 2012): 48–55. http://dx.doi.org/10.4018/jtd.2012100105.

Abstract:
Social web has changed the concept of leisure time. As a result street neighbors have been replaced by e-neighbors and walls have become e-walls to share ideas and gossips. Despite so many advantages we cannot ignore potential threats to user privacy and security. In order to be extremely usable, such systems should have strict security and privacy policies in place. In this paper the authors focus on “Facebook” to understand privacy and security problems by carrying out a web based survey. Based on the findings from empirical data the authors propose different enhancements for the improvement of user privacy and potential threats to user account security.
16

Goreva, Natalya, Sushma Mishra, Peter Draus, George Bromall, and Don Caputo. "A Study Of The Security Of Electronic Medical Records Utilizing Six Knowledge Categories And Subjects Demographics." International Journal of Management & Information Systems (IJMIS) 20, no. 3 (June 30, 2016): 51–58. http://dx.doi.org/10.19030/ijmis.v20i3.9738.

Abstract:
Healthcare employees with their motivation to comply with security policies play an extremely important role in protecting patients’ privacy. In this research we attempt to survey the attitude of healthcare employees towards security of Electronic Medical Records. We further review what factors impact their perception of the medical data security and determine how well they understand policies, procedures, organization structures, and other aspects related to EMR protection.
17

Șandor, Andrei. "Virtualization Solutions Supporting Privacy and Data Protection in Online Activities." International conference KNOWLEDGE-BASED ORGANIZATION 25, no. 3 (June 1, 2019): 168–73. http://dx.doi.org/10.2478/kbo-2019-0133.

Abstract:
Nowadays, smart devices like computers, tablets, and smartphones allow transmitting the information everywhere, with high speed, over the World Wide Web. However, risks regarding data integrity, privacy and security when using the Internet, increased dramatically, as methods designed to exploit the system’s vulnerabilities are more and more sophisticated. Therefore the need for people working in professional environments to protect their private data when using unsecure connections, by employing advanced tools. There are multiple solutions, but we will focus on the use of virtualization software like VMware or Oracle Virtual Box, together with traditional privacy measures (use of proxies and VPN’s). Today’s smart devices store an important amount of data about their owners and, in most of the cases, people don’t even realize this. Installing and using protection means is often not enough. They have to be properly setup in order to ensure the desired level of security, or anonymity, when using the Internet, and require for the military personnel a good knowledge not only about cyber vulnerabilities and risks, but also technical capabilities and features of the employed security solutions. DISCLAIMER: This paper expresses the views, interpretations, and independent position of the authors. It should not be regarded as an official document, nor expressing formal opinions or policies, of NATO or the HUMINT Centre of Excellence (HCOE).
18

Brewster, Christopher, Barry Nouwt, Stephan Raaijmakers, and Jack Verhoosel. "Ontology-based Access Control for FAIR Data." Data Intelligence 2, no. 1-2 (January 2020): 66–77. http://dx.doi.org/10.1162/dint_a_00029.

Abstract:
This paper focuses on fine-grained, secure access to FAIR data, for which we propose ontology-based data access policies. These policies take into account both the FAIR aspects of the data relevant to access (such as provenance and licence), expressed as metadata, and additional metadata describing users. With this tripartite approach (data, associated metadata expressing FAIR information, and additional metadata about users), secure and controlled access to object data can be obtained. This yields a security dimension to the “A” (accessible) in FAIR, which is clearly needed in domains like security and intelligence. These domains need data to be shared under tight controls, with widely varying individual access rights. In this paper, we propose an approach called Ontology-Based Access Control (OBAC), which utilizes concepts and relations from a data set's domain ontology. We argue that ontology-based access policies contribute to data reusability and can be reconciled with privacy-aware data access policies. We illustrate our OBAC approach through a proof-of-concept and propose that OBAC to be adopted as a best practice for access management of FAIR data.
19

Amato, Flora, Valentina Casola, Giovanni Cozzolino, Alessandra De Benedictis, Nicola Mazzocca, and Francesco Moscato. "A Security and Privacy Validation Methodology for e-Health Systems." ACM Transactions on Multimedia Computing, Communications, and Applications 17, no. 2s (May 17, 2021): 1–22. http://dx.doi.org/10.1145/3412373.

Abstract:
e-Health applications enable one to acquire, process, and share patient medical data to improve diagnosis, treatment, and patient monitoring. Despite the undeniable benefits brought by the digitization of health systems, the transmission of and access to medical information raises critical issues, mainly related to security and privacy. While several security mechanisms exist that can be applied in an e-Health system, they may not be adequate due to the complexity of involved workflows, and to the possible inherent correlation among health-related concepts that may be exploited by unauthorized subjects. In this article, we propose a novel methodology for the validation of security and privacy policies in a complex e-Health system, that leverages a formal description of clinical workflows and a semantically enriched definition of the data model used by the workflows, in order to build a comprehensive model of the system that can be analyzed with automated model checking and ontology-based reasoning techniques. To validate the proposed methodology, we applied it to two case studies, subjected to the directives of the EU GDPR regulation for the protection of health data, and demonstrated its ability to correctly verify the fulfillment of desired policies in different scenarios.
20

Schafer, Burkhard. "D-waste: Data disposal as challenge for waste management in the Internet of Things." International Review of Information Ethics 22 (December 1, 2014): 101–7. http://dx.doi.org/10.29173/irie122.

Abstract:
Proliferation of data processing and data storage devices in the Internet of Things poses significant privacy risks. At the same time, faster and faster use-cycles and obsolescence of devices with electronic components causes environmental problems. Some of the solutions to the environmental challenges of e-waste include mandatory recycling schemes as well as informal second hand markets. However, the data security and privacy implications of these green policies are as yet badly understood. This paper argues that based on the experience with second hand markets in desktop computers, it is very likely that data that was legitimately collected under the household exception of the Data Protection Directive will “leak” into public spheres. Operators of large recycling schemes may find themselves inadvertently and unknowingly to be data controller for the purpose of Data Protection law, private resale of electronic devices can expose the prior owner to significant privacy risks.
21

Schafer, Burkhard. "D-waste: Data disposal as challenge for waste management in the Internet of Things." International Review of Information Ethics 22 (December 1, 2014): 101–7. http://dx.doi.org/10.29173/irie131.

Abstract:
Proliferation of data processing and data storage devices in the Internet of Things poses significant privacy risks. At the same time, faster and faster use-cycles and obsolescence of devices with electronic components causes environmental problems. Some of the solutions to the environmental challenges of e-waste include mandatory recycling schemes as well as informal second hand markets. However, the data security and privacy implications of these green policies are as yet badly understood. This paper argues that based on the experience with second hand markets in desktop computers, it is very likely that data that was legitimately collected under the household exception of the Data Protection Directive will “leak” into public spheres. Operators of large recycling schemes may find themselves inadvertently and unknowingly to be data controller for the purpose of Data Protection law, private resale of electronic devices can expose the prior owner to significant privacy risks.
22

Suwandi, Syifa Ilma Nabila, Xavier Wahyuadi Seloatmodjo, Alexandra Situmorang, and Nur Aini Rakhmawati. "Analisis privasi data pengguna contact tracing application pengendalian COVID-19 di Indonesia berdasarkan PERPRES RI No. 95 tahun 2018 tentang sistem pemerintahan berbasis elektronik." Teknologi 11, no. 1 (January 1, 2021): 46–58. http://dx.doi.org/10.26594/teknologi.v11i1.2174.

Abstract:
The presence of user contact applications in the community as a means of preventing and overcoming the spread of COVID-19 can pose another risk to the potential dangers of protecting data privacy from contact tracing. This research examines more deeply related to user privacy policies through 3 (three) samples of android-based user contact applications that are used as a means of preventing, overcoming and controlling the spread of the COVID-19 virus in today's society and by reviewing the rules contained in the Presidential Regulation of the Republic. Indonesian No. 95 of 2018 concerning Electronic-Based Government Systems (SPBE). The study in this study was prepared using the method of literature study, observation and qualitative analysis. A comparison was made regarding the data privacy of the three samples, which was then evaluated and matched with the form of the privacy policy according to Presidential Regulation No. 95 of 2018 concerning Electronic-Based Government Systems (SPBE) and according to the ideal form of data privacy policy based on several experts. Comparative data is obtained through related applications and other electronic media which are then discussed together to conclude and evaluate the data privacy policies of the three sample applications. Based on this research, it can be concluded that privacy intervention to deal with damage and save lives is legal as long as its use is in accordance with regulations in the health, disaster, telecommunications, informatics and other related fields; in this case listed in the Presidential Decree No. 95 of 2018 concerning Electronic-Based Government Systems (SPBE) and there needs to be an increase in efforts to maintain the security and confidentiality of user data privacy through continuous system and data maintenance, encryption of data privacy storage in the manager's data warehouse and added with other data privacy policies can guarantee the security and confidentiality of the privacy of user data.
23

Saeed, Saqib. "A Customer-Centric View of E-Commerce Security and Privacy." Applied Sciences 13, no. 2 (January 11, 2023): 1020. http://dx.doi.org/10.3390/app13021020.

Abstract:
Business organizations have huge potential to increase their customer base by offering e-commerce services, especially in the post-pandemic era. Ensuring secure e-commerce applications plays an important role in increasing customer base. To develop appropriate policies and secure technological infrastructures, business organizations first need to establish an understanding of the reservations of their customers toward e-commerce, as well as their perception of security and privacy of e-commerce applications. In this paper, we present the results of an empirical study of e-commerce customers conducted in Pakistan to gain an insight into their mindset on using e-commerce applications. An online questionnaire was set up to collect data, which were analyzed using the partial least squares method with SmartPLS software. The empirical findings highlight that customers’ concerns about credit card usage, concerns over information security, motivational factors for shopping offered by business organizations, customer trustworthiness, and user’s feelings about the reputation of e-commerce impact their perception of security of online data and trust in an e-commerce application. The results of this study can help organizations in Pakistan to develop policies and improve technological infrastructures by adopting emerging technologies and digital forensics.
24

Ullah, Salim, Muhammad Sohail Khan, Choonhwa Lee, and Muhammad Hanif. "Understanding Users’ Behavior towards Applications Privacy Policies." Electronics 11, no. 2 (January 13, 2022): 246. http://dx.doi.org/10.3390/electronics11020246.

Abstract:
Recently, smartphone usage has increased tremendously, and smartphones are being used as a requirement of daily life, equally by all age groups. Smartphone operating systems such as Android and iOS have made it possible for anyone with development skills to create apps for smartphones. This has enabled smartphone users to download and install applications from stores such as Google Play, App Store, and several other third-party sites. During installation, these applications request resource access permissions from users. The resources include hardware and software like contact, memory, location, managing phone calls, device state, messages, camera, etc. As per Google’s permission policy, it is the responsibility of the user to allow or deny any permissions requested by an app. This leads to serious privacy violation issues when an app gets illegal permission granted by a user (e.g., an app might request for granted map permission and there is no need for map permission in the app, and someone can thereby access your location by this app). This study investigates the behavior of the user when it comes to safeguarding their privacy while installing apps from Google Play. In this research, first, seven different applications with irrelevant permission requests were developed and uploaded to two different Play Store accounts. The apps were live for more than 12 months and data were collected through Play Store analytics as well as the apps’ policy page. The preliminary data analysis shows that only 20% of users showed concern regarding their privacy and security either through interaction with the development team through email exchange or through commenting on the platform and other means accordingly.
25

Shen, Xieyang, Chuanhe Huang, Danxin Wang, and Jiaoli Shi. "A Privacy-Preserving Attribute-Based Encryption System for Data Sharing in Smart Cities." Wireless Communications and Mobile Computing 2021 (October 8, 2021): 1–15. http://dx.doi.org/10.1155/2021/6686675.

Abstract:
Information leakage and efficiency are the two main concerns of data sharing in cloud-aided IoT. The main problem is that smart devices cannot afford both energy and computation costs and tend to outsource data to a cloud server. Furthermore, most schemes focus on preserving the data stored in the cloud but omitting the access policy is typically stored in unencrypted form. In this paper, we proposed a fine-grained data access control scheme based on CP-ABE to implement access policies with a greater degree of expressiveness as well as hidden policies from curious cloud service providers. Moreover, to mitigate the extra computation cost generated by complex policies, an outsourcing service for decryption can be used by data users. Further experiments and extensive analysis show that we significantly decrease the communication and computation overhead while providing a high-level security scheme compared with the existing schemes.
26

Zamfiroiu, Alin, Bogdan Iancu, Catalin Boja, Tiberiu-Marian Georgescu, Cosmin Cartas, Marius Popa, and Cristian Valeriu Toma. "IoT Communication Security Issues for Companies: Challenges, Protocols and The Web of Data." Proceedings of the International Conference on Business Excellence 14, no. 1 (July 1, 2020): 1109–20. http://dx.doi.org/10.2478/picbe-2020-0104.

Abstract:
This article analyzes and highlights the security perspective of Internet of Things (IoT) connected devices and their communication challenges, as IoT is considered one of the key emerging fields in Industry 4.0. The IoT architectures can consist of physical systems, virtual ones or even hybrids, combining a collection of different physically active things, sensors, cloud services, specific IoT protocols, communication layers, users and developers. On top of all, it is the business layer, because the scope of the entire IoT environment is to deliver data, to monitor and to facilitate the management of complex processes. In order to facilitate the data exchange between the IoT layers, there have been developed a series of protocols particular to the IoT domain. As in many IT related fields, the solutions are not perfect from the data security and privacy perspectives, many challenges being still open research issues. As the two concepts of IoT and Cloud of Things are connected, bringing real world data into the Cloud to process it, raises Cloud Computing security concerns regarding the privacy and security of data. Although in recent years, many efforts have been made to improve Cloud Computing security, there are risks that need to be taken into consideration. From the Web of Data’s point of view, things are even more prone to security risks. Because privacy is one of the fundamental rights of digital users, it is extremely important for new technologies to comply with privacy regulations and policies, such as the new European data protection and privacy frameworks. In this context, companies must take into account standards, challenges and new trends in IoT. In the absence of specific measures, raw or processed data can be easily stolen from the Web of Data. In this paper we analyze and present the main protocols of communication in the IoT field from a data security perspective. Also, we do a review of the main architectures that can improve the security of the communication between IoT devices and the Cloud data storage.
27

Magalhaes, Marcus Abreu de. "Data protection regulation: a comparative law approach." International Journal of Digital Law 2, no. 2 (August 15, 2021): 33–53. http://dx.doi.org/10.47975/ijdl.magalhaes.v.2.n.2.

Abstract:
This paper aims to present a comparative approach to data protection regulations around the world. Most countries possess data protection laws in some level of detail. In order to compare structures of data control and compliance in dissimilar systems, the study selected four distinct arrangements: the European General Data Protection Regulation (GDPR); the California Consumer Privacy Act (CCPA); the Brazilian Digital Privacy Law, Lei Geral de Proteção de Dados Pessoais (LGPD); and the Chinese Data Privacy Framework, which is molded by a set of different regulations. The analysis was based on common key points of those regulations – territorial scope, consent and disclosure, data security requirements, data transfer, Data Protection Officer, awareness and training, and penalties – to explore the different policies and national goals. The paper argues that, in the landscape of the information based society, new law is needed to protect citizens’ rights to privacy and to bound harvesting and mining of personal information to ensure transparency, control, and compliance of the information economy.
28

Trojer, Thomas, Basel Katt, Ruth Breu, Thomas Schabetsberger, and Richard Mair. "Managing Privacy and Effectiveness of Patient-Administered Authorization Policies." International Journal of Computational Models and Algorithms in Medicine 3, no. 2 (April 2012): 43–62. http://dx.doi.org/10.4018/jcmam.2012040103.

Abstract:
A central building block of data privacy is the individual right of information self-determination. Following from that when dealing with shared electronic health records (SEHR), citizens, as the identified individuals of such records, have to be enabled to decide what medical data can be used in which way by medical professionals. In this context individual preferences of privacy have to be reflected by authorization policies to control access to personal health data. There are two potential challenges when enabling patient-controlled access control policy authoring: First, an ordinary citizen neither can be considered a security expert, nor does she or he have the expertise to fully understand typical activities and workflows within the health-care domain. Thus, a citizen is not necessarily aware of implications her or his access control settings have with regards to the protection of personal health data. Both privacy of citizen’s health-data and the overall effectiveness of a health-care information system are at risk if inadequate access control settings are in place. This paper refers to scenarios of a case study previously conducted and shows how privacy and information system effectiveness can be defined and evaluated in the context of SEHR. The paper describes an access control policy analysis method which evaluates a patient-administered access control policy by considering the mentioned evaluation criteria.
29

Almubarak, Hameed, Mohamed Khairallah Khouja, and Ahmed Jedidi. "Security and privacy recommendation of mobile app for Arabic speaking." International Journal of Electrical and Computer Engineering (IJECE) 12, no. 5 (October 1, 2022): 5191. http://dx.doi.org/10.11591/ijece.v12i5.pp5191-5203.

Abstract:
There is an enormous number of mobile apps, leading users to be concerned about the security and privacy of their data. But few users are aware of what is meant by app permissions, which sometimes do not illustrate what kind of data is gathered. Therefore, users are still concerned about security risks and privacy, with little knowledge and experience of what security and privacy awareness. Users depend on ratings, which may be fake, or keep track of their sense to install an app, and an enormous number of users do not like to read reviews. To solve this issue, we propose a recommender system that reads users' reviews, and which exposes flaws, violations and third-party policies or the quality of a user's experience. In order to design and implement our recommender, we conduct a survey which supports two significant points: to detect the level of security and privacy awareness between users, and to gather new words into a dictionary of a recommender system, which assists to classify each review on the correct level, which can indeed reveal the scale of security and privacy in an app.
30

Seyedmostafa, Safavi, and Shukur Zarina. "CenterYou: Android privacy made easier the Cloud Way." Trends in Computer Science and Information Technology 7, no. 3 (September 2, 2022): 057–73. http://dx.doi.org/10.17352/tcsit.000052.

Abstract:
The Smartphone industry has expanded significantly over the last few years. According to the available data, each year, a marked increase in the number of devices in use is observed. Most consumers opt for Smartphones due to the extensive number of software applications that can be downloaded on their devices, thus increasing their functionality. However, this growing trend of application installation brings an issue of user protection, as most applications seek permissions to access data on a user’s device. The risks this poses to sensitive data are real to both corporate and individual users. While Android has grown in popularity, this trend has not been followed by the efforts to increase the security of its users. This is a well-known set of problems, and prior solutions have approached it from the ground up; that is, they have focused on implementing reasonable security policies within Android’s open-source kernel. While these solutions have achieved the goals of improving Android with such security policies, they are severely hampered by the way in which they have been implemented them. In this work, a framework referred to as CenterYou is proposed to overcome these issues. It applies pseudo data technique and cloud-based decision-making system to scan and protect Smartphone devices from unnecessarily requested permissions by installed applications and identifies potential privacy leakages. The current paper demonstrated all aspects of the CenterYou application technical design. The work presented here provides a significant contribution to the field, as the technique based on pseudo data is used in the actual permissions administration of Android applications. Moreover, this system is user and cloud-driven, rather than being governed by over-privileged applications.
31

Li, Teng, Jiawei Zhang, Yanbo Yang, Wei Qiao, and Yangxu Lin. "Auditable and Times limitable Secure Data Access Control for Cloud-based Industrial Internet of Things." Journal of Networking and Network Applications 1, no. 3 (2021): 129–38. http://dx.doi.org/10.33969/j-nana.2021.010306.

Abstract:
Recently, the rapid development of Internet of things (IoT) and cloud computing technologies have greatly facilitated various industrial applications and Industrial IoT (IIoT). The widely deployed IIoT devices and large capacity of cloud significantly benefit for and bring convenience to various industrial sectors. However, there exist a large number of concerns about data security in IIoT, especially when a majority of sensitive IIoT data is shared in cloud. Although as one of the most promising technique, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can provide fine-grained access control for IIoT data shared in cloud, there are still many drawbacks which impede the direct adoption of conventional CP-ABE. On the one hand, unlimited IIoT data access times may disable data access service of cloud and bring serious consequences. On the other hand, the access policies of ciphertexts usually consist of much sensitive information and cause privacy exposure. Moreover, the high computation overhead also extremely hinders resource-limited users in IIoT applications. To solve these problems, we propose TAHP-CP-ABE, a k-times and auditable hidden-policy CP-ABE scheme which is suitable for resource-limited users and privacy-aware access policies with data access times limitation in IIoT applications. Specifically, TAHP-CP-ABE preserves the privacy of access policies by hiding only attribute values and realizes limited access times as well as efficient IIoT ciphertexts decryption with decryption test and outsourced decryption. The security analysis and experimental results indicate that TAHP-CP-ABE is secure, efficient and practical.
32

Huang, Chanying, Songjie Wei, and Anmin Fu. "An Efficient Privacy-Preserving Attribute-Based Encryption with Hidden Policy for Cloud Storage." Journal of Circuits, Systems and Computers 28, no. 11 (October 2019): 1950186. http://dx.doi.org/10.1142/s021812661950186x.

Abstract:
Cloud storage is one of the most widely-used storage services, because it can provide users with unlimited, scalable, low-cost and convenient resource services. When data is outsourced to cloud for storage, data security and access control are the two essential issues that need to be addressed. Attribute-based encryption (ABE) scheme can provide sufficient data security and fine-grained access control for cloud data. As more and more attention is drawn to privacy protection, privacy preservation becomes another urgent issue for cloud storage. In ABE, since the access policies are generally stored in clear text, it will lead to the disclosure of users’ privacy. Some works sacrifice computational efficiency, key length or ciphertext size for privacy concerns. To solve these problems, this paper proposes an efficient privacy-preserving attribute-based encryption scheme with hidden policy for outsourced data. Using the idea of Boolean equivalent transformation, the proposed scheme achieves fast encryption and privacy protection for both data owner and legitimate visitors. In addition, the proposed scheme can satisfy constant secret key length and reasonable size of ciphertext requirements. We also conduct theoretical security analysis, and carry out experiments to prove that the proposed scheme has good performance in terms of computation, communication and storage overheads.
33

Zhang, Kai, Yanping Li, and Laifeng Lu. "Privacy-Preserving Attribute-Based Keyword Search with Traceability and Revocation for Cloud-Assisted IoT." Security and Communication Networks 2021 (May 29, 2021): 1–13. http://dx.doi.org/10.1155/2021/9929663.

Abstract:
With the rapid development of cloud computing and Internet of Things (IoT) technology, it is becoming increasingly popular for source-limited devices to outsource the massive IoT data to the cloud. How to protect data security and user privacy is an important challenge in the cloud-assisted IoT environment. Attribute-based keyword search (ABKS) has been regarded as a promising solution to ensure data confidentiality and fine-grained search control for cloud-assisted IoT. However, due to the fact that multiple users may have the same retrieval permission in ABKS, malicious users may sell their private keys on the Internet without fear of being caught. In addition, most of existing ABKS schemes do not protect the access policy which may contain privacy information. Towards this end, we present a privacy-preserving ABKS that simultaneously supports policy hiding, malicious user traceability, and revocation. Formal security analysis shows that our scheme can not only guarantee the confidentiality of keywords and access policies but also realize the traceability of malicious users. Furthermore, we provide another more efficient construction for public tracing.
34

Di Sia, Paolo. "About privacy and phishing on social networks and the case of Facebook." E-methodology 5, no. 5 (April 23, 2019): 100–112. http://dx.doi.org/10.15503/emet.v5i5.429.

Abstract:
Aim. In recent years, social networks have multiplied on the Internet, becoming more and more used, and consequently raising doubts about the security of privacy. This exponential development has attracted the attention of bad-intentioneds too. The aim of the research is to understand how “attack algorithms” can violate the privacy of millions of people, despite privacy policies which do not allow their use. Methods. Considering an analysis on password security on Facebook, I evaluate the problems connected with the use of an attack algorithm in relation to privacy and security. Results. Over the years, Facebook privacy policies have been changed, but with new services it is still possible to trace personal information. Using special phishing techniques it is possible to get the access credentials of a good percentage of users. This allows attackers to perform online transactions, view bank accounts and their transactions, call details, credit card numbers and many other personal data. Conclusions. Waiting for the power of the future quantum Internet, it is unfortunately possible today to launch an attack exploiting the analysed techniques and even improve them, making them more effective and reaching even higher success rates, thus placing a very high number of users in serious danger.
35

Athanere, Smita, and Ramesh Thakur. "A Hierarchical Multi-Authority Access Control Scheme for Secure and Efficient Data Sharing in Cloud Storage." Journal of Strategic Security 15, no. 1 (April 2022): 126–47. http://dx.doi.org/10.5038/1944-0472.15.1.1970.

Abstract:
Enterprises choose to keep their data on the cloud to allow for flexible and efficient data exchange among their authorized staff when dealing with huge data. However, during the sharing of sensitive data, data security and users privacy has become major challenges. Most of the existing studies have several limitations, including weak model security, single point of failure, and lack of efficiency during user revocation. This article proposes cloud storage based Hierarchical Multi-authority Access Control Scheme (HMA-ACS) for secure and efficient data sharing. Through theoretical analysis, this article proves that the proposed mechanism efficiently performs cryptographic key operations and secured plus adaptive in the standard model while supporting the access policies. Furthermore, the proposed approach evaluated and compared recent state-of-art schemes in terms of storage overhead, computation overhead, average encryption, and decryption performance. Experimental results analysis shows that the proposed solution is resistant to many types of security threats and ensures data privacy when sharing data in the cloud.
36

Kaupins, Gundars. "Laws Associated with Mobile Computing in the Cloud." International Journal of Wireless Networks and Broadband Technologies 2, no. 3 (July 2012): 1–9. http://dx.doi.org/10.4018/ijwnbt.2012070101.

Abstract:
This article describes the present and potential legal constraints of mobile computing especially related to cloud computing. Numerous American national laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm, Leach, Bliley Act provide industry-related guidelines such as providing employee training on data security. Numerous state laws, as in California, get more specific on mandating web privacy policies, warning employees of Web monitoring, and storing and distributing personal customer information. Implications on corporate privacy policies and future legal trends are included.
37

Zhonghua, Chen, and S. B. Goyal. "Block chain Technology to Handle Security and Privacy for IoT Systems: Analytical Review." International Journal of Electrical and Electronics Research 10, no. 2 (June 30, 2022): 74–79. http://dx.doi.org/10.37391/ijeer.100204.

Abstract:
With a large number of mobile terminals accessing IoT for information exchange and communication, security issues such as identity authentication, data transmission, and device failure are becoming more and more serious. Most of the traditional security technologies are based on centralized systems, and due to the limitation of IoT topology, traditional security technologies can only be applied to specific industries. Blockchain technology has the features of decentralization, data encryption, and tamper-proof, which are especially suitable for application in complex heterogeneous networks. This paper discusses for the first time the use of the block chain in many fields, providing an opportunity to address IoT security issues. Second, it discussed the IoT acceptance on various domains and the privacy issues IoT faces on limited resources. Finally, this paper investigates many of the problems facing the integrated process of block chain-based and IoT-based applications. The purpose of this article is to provide an overview of block chain based policies for privacy protection in IoT. After analyzing related solutions, blockchain technology can work better in the area of IoT security and privacy protection
38

Maqsood, Madiha, and Ayesha Ashfaq. "THE AUDIENCE IS THE KEY, DATA IS NOT: ANALYZING USERS’ CONCERNS AND EXPERTS’ REFLECTIONS REGARDING PRIVACY POLICIES OF SOCIAL NETWORKING SITES." Pakistan Journal of Social Research 04, no. 01 (March 31, 2022): 511–20. http://dx.doi.org/10.52567/pjsr.v4i1.675.

Abstract:
The constantly evolving world and the advent of social media gave birth to excessive digitalized human interaction enhancing connectivity among users. These new modes of interaction added to the excitement of sharing, but at the same time it has placed some concerns about the excessive sharing of personal information on digital platforms. The boundaries of subsequent privacy violations are critical concerns in the advance of the technological age. Pakistan is a country with an enormously growing number of internet users, from diverse socio-cultural backgrounds and the platforms are used for distinctive reasons, resulting in millions of posts every minute of the day. A qualitative approach of in-depth interviews was used for the study. Considering the qualitative nature of the study interviews were conducted based on the semi-structured questionnaire. The sample using a purposive sampling technique included users for the sake of highlighting the privacy concerns and experts like media academics, psychologists, lawyers, representatives from the cyber-crime wing of FIA, and the country representatives of social media platforms for understanding the approaches to bridge the gaps regarding those concerns. Social media representatives ensured users' sense of security as a priority of social platforms. Users' inferences and privacy awareness were also gauged which showed concerns about the layout of privacy policies. The privacy calculus approach helped understand the user’s psyche of disclosure while having privacy concerns. Keywords: Social Media, Privacy concerns, Self Disclosure, Privacy Calculus, Privacy policies, Awareness.
39

Gruber, Moritz, Christian Höfig, Maximilian Golla, Tobias Urban, and Matteo Große-Kampmann. "“We may share the number of diaper changes”: A Privacy and Security Analysis of Mobile Child Care Applications." Proceedings on Privacy Enhancing Technologies 2022, no. 3 (July 2022): 394–414. http://dx.doi.org/10.56553/popets-2022-0078.

Abstract:
Mobile child care management applications can help child care facilities, preschools, and kindergartens to save time and money by allowing their employees to speed up everyday child care tasks using mobile devices. Such apps often allow child care workers to communicate with parents or guardians, sharing their children’s most private data (e.g., activities, photos, location, developmental aspects, and sometimes even medical information). To offer these services, child care apps require access to very sensitive data of minors that should never be shared over insecure channels and are subject to restrictive privacy laws. This work analyzes the privacy and security of 42 Android child care applications and their cloud-backends using a combination of static and dynamic analysis frameworks, configuration scanners, and inspecting their privacy policies. The results of our analysis show that while children do not use these apps, they can leak sensitive data about them. Alarming are the findings that many third-party (tracking) services are embedded in the applications and that adversaries can access personal data by abusing vulnerabilities in the applications. We hope our work will raise awareness about the privacy risks introduced by these applications and that regulatory authorities will focus more on these risks in the future.
40

Choi, Young B., and Christopher E. Williams. "A HIPAA Security and Privacy Compliance Audit and Risk Assessment Mitigation Approach." International Journal of Cyber Research and Education 3, no. 2 (July 2021): 28–45. http://dx.doi.org/10.4018/ijcre.2021070103.

Abstract:
Data breaches have a profound effect on businesses associated with industries like the US healthcare system. This task extends more pressure on healthcare providers as they continue to gain unprecedented access to patient data, as the US healthcare system integrates further into the digital realm. Pressure has also led to the creation of the Health Insurance Portability and Accountability Act, Omnibus Rule, and Health Information Technology for Economic and Clinical Health laws. The Defense Information Systems Agency also develops and maintains security technical implementation guides that are consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures. The objective is to design a network (physician's office) in order to meet the complexity standards and unpredictable measures posed by attackers. Additionally, the network must adhere to HIPAA security and privacy requirements required by law. Successful implantation of network design will articulate comprehension requirements of information assurance security and control.
41

Jaidi, Faouzi, Faten Ayachi, and Adel Bouhoula. "Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases." International Arab Journal of Information Technology 17, no. 5 (September 1, 2020): 808–15. http://dx.doi.org/10.34028/iajit/17/5/14.

Abstract:
Databases are considered as one of the most compromised assets according to 2014-2016 Verizon Data Breach Reports. The reason is that databases are at the heart of Information Systems (IS) and store confidential business or private records. Ensuring the integrity of sensitive records is highly required and even vital in critical systems (e-health, clouds, e-government, big data, e-commerce, etc.,). The access control is a key mechanism for ensuring the integrity and preserving the privacy in large scale and critical infrastructures. Nonetheless, excessive, unused and abused access privileges are identified as most critical threats in the top ten database security threats according to 2013-2015 Imperva Application Defense Center reports. To address this issue, we focus in this paper on the analysis of the integrity of access control policies within relational databases. We propose a rigorous and complete solution to help security architects verifying the correspondence between the security planning and its concrete implementation. We define a formal framework for detecting non-compliance anomalies in concrete Role Based Access Control (RBAC) policies. We rely on an example to illustrate the relevance of our contribution
42

Prajapati, Y. N., and M. K. Srivastava. "Novel algorithms for protective digital privacy." IAES International Journal of Robotics and Automation (IJRA) 8, no. 3 (September 1, 2019): 184. http://dx.doi.org/10.11591/ijra.v8i3.pp184-188.

Abstract:
Video is the recording, reproducing, or broadcasting of moving visual images. Visual multimedia source that combines a sequence of images to form a moving picture. The video transmits a signal to a screen and processes the order in which the screen captures should be shown. Videos usually have audio components that correspond with the pictures being shown on the screen. Video compression technologies are about reducing and removing redundant video data so that a digital video file can be effectively sent over a network and stored on computer disks. With efficient compression techniques, a significant reduction in file size can be achieved with little or no adverse effect on the visual quality. The video quality, however, can be affected if the file size is further lowered by raising the compression level for a given compression technique. Security is about the protection of assets. Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats. This defense includes detection, prevention and response to threats through the use of security policies, software tools and IT services. Security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as clear text) into cipher text (a process called encryption), then back again (known as decryption). Cryptography is evergreen and developments. Cryptography protects users by providing functionality for the encryption of data and authentication of other users. Compression is the process of reducing the number of bits or bytes needed to represent a given set of data. It allows saving more data. The project aims to implement security algorithm for data security. The data will be first encrypted using security techniques and that are done at the same time then it takes less processing time and more speed compression techniques will applied. If encryption and compression are done at the same time then it takes less processing time and more speed.
43

Annane, Boubakeur, and Alti Adel. "Proxy-3S." International Journal of Information Security and Privacy 16, no. 1 (January 2022): 1–38. http://dx.doi.org/10.4018/ijisp.2022010116.

Abstract:
Virtualization plays a key role in the area of Mobile Cloud Computing (MCC). In MCC, the protection of distributed VMs and mobile users’ sensitive data, in terms of security and privacy, is highly required. This paper presents a novel cloud proxy known as Three Policies Secure Cloud Proxy (Proxy-3S) that combines three security policies: VM users’ access control, VMs’ secure allocation and VMs’ secure communication. The proposed approach aims to keep the distributed VMs safe in different servers on the cloud. It enhances the access authorization to permit intensive distributed application tasks on the cloud or mobile devices while processing and communicating private information between VMs. Furthermore, an algorithm that enables secure communication among distributed VMs and protection of sensitive data in VMs on the cloud is proposed. Several experiments were conducted using a real-world healthcare distributed application. The experiments achieved promising results for high-level data protection and good efficiency rating compared to existing works.
44

Becker, Jonathan D., and Douglas A. Levin. "Like Moths to a Flame: Unsecured Networks, Tech-Savvy Students, and District Policy." Journal of Cases in Educational Leadership 23, no. 2 (January 10, 2020): 47–59. http://dx.doi.org/10.1177/1555458919899458.

Abstract:
School systems collect and maintain increasingly significant amounts of data and information on students, faculty, and staff and have a duty of care to ensure that sensitive information remains secure. Therefore, sitting and/or aspiring school leaders need to develop at least a basic understanding of data privacy and information security considerations. In this case, students discover a way to log in to internal district information systems and gain access to sensitive school and district data and information. School and district leaders are faced with the challenge of how to respond to such an information security breach and how to discipline the students. This case should cause sitting and/or aspiring school leaders to think deeply about and examine technology policies, information security protocols, as well as related school discipline policies.
45

Kokas, Aynne. "Platform Patrol: China, the United States, and the Global Battle for Data Security." Journal of Asian Studies 77, no. 4 (November 2018): 923–33. http://dx.doi.org/10.1017/s0021911818002541.

Abstract:
In Apple CEO Tim Cook's keynote speech at the Chinese government's 2017 World Internet Conference, he extolled the values of “Privacy. Security. Decency” (Apple Newsroom 2017). The last two terms, “security” and “decency,” have long been closely associated with Chinese government efforts to control the Internet. Indeed, in 2017 Apple agreed to turn over user data to Chinese government servers and start a Chinese provincial government-run data storage center. Yet in 2015, Apple refused to turn over the passcode for one user in the United States during the FBI investigation following the San Bernardino terrorist attacks. The company's different policies in the United States and China relate directly back to Apple's concern for market share and access.
46

Fadrique, Laura X., Dia Rahman, Hélène Vaillancourt, Paul Boissonneault, Tania Donovska, and Plinio P. Morita. "Overview of Policies, Guidelines, and Standards for Active Assisted Living Data Exchange: Thematic Analysis." JMIR mHealth and uHealth 8, no. 6 (June 22, 2020): e15923. http://dx.doi.org/10.2196/15923.

Abstract:
Background A primary concern for governments and health care systems is the rapid growth of the aging population. To provide a better quality of life for the elderly, researchers have explored the use of wearables, sensors, actuators, and mobile health technologies. The term AAL can be referred to as active assisted living or ambient assisted living, with both sometimes used interchangeably. AAL technologies describes systems designed to improve the quality of life, aid in independence, and create healthier lifestyles for those who need assistance at any stage of their lives. Objective The aim of this study was to understand the standards and policy guidelines that companies use in the creation of AAL technologies and to highlight the gap between available technologies, standards, and policies and what should be available for use. Methods A literature review was conducted to identify critical standards and frameworks related to AAL. Interviews with 15 different stakeholders across Canada were carried out to complement this review. The results from interviews were coded using a thematic analysis and then presented in two workshops about standards, policies, and governance to identify future steps and opportunities regarding AAL. Results Our study showed that the base technology, standards, and policies necessary for the creation of AAL technology are not the primary problem causing disparity between existing and accessible technologies; instead nontechnical issues and integration between existing technologies present the most significant issue. A total of five themes have been identified for further analysis: (1) end user and purpose; (2) accessibility; (3) interoperability; (4) data sharing; and (5) privacy and security. Conclusions Interoperability is currently the biggest challenge for the future of data sharing related to AAL technology. 
Additionally, the majority of stakeholders consider privacy and security to be the main concerns related to data sharing in the AAL scope. Further research is necessary to explore each identified gap in detail.
47

Kamoun, Faouzi, and Mathew Nicho. "Human and Organizational Factors of Healthcare Data Breaches." International Journal of Healthcare Information Systems and Informatics 9, no. 1 (January 2014): 42–60. http://dx.doi.org/10.4018/ijhisi.2014010103.

Abstract:
Over the past few years, concerns related to healthcare data privacy have been mounting since healthcare information has become more digitized, distributed and mobile. However, very little is known about the root cause of data breach incidents; making it difficult for healthcare organizations to establish proper security controls and defenses. Through a systematic review and synthesis of data breaches literature, and using databases of earlier reported healthcare data breaches, the authors re-examine and analyze the causal factors behind healthcare data breaches. The authors then use the Swiss Cheese Model (SCM) to shed light on the technical, organizational and human factors of these breaches. The author's research suggests that incorporating the SCM concepts into the healthcare security policies and procedures can assist healthcare providers in assessing the vulnerabilities and risks associated with the maintenance and transmission of protected health information.
48

Taschner, John B. "Data Profiteering: Corporate Social Responsibility and Privacy Law Lost in Data Monetization and National Security." American Journal of Trade and Policy 7, no. 1 (August 21, 2020): 37—xx. http://dx.doi.org/10.18034/ajtp.v7i1.484.

Abstract:
Data mining and collecting is increasingly becoming a common practice, in the name of monetization of personal data, progression of national security measures, and politically fueled democratic interferences. Millions of users’ data is constantly being sorted, manipulated, and sold, often without conscientious consent of the consumer. While this practice can result in greater convenience from an innocent consumer level, the vulnerabilities to national privacy and the cyberspace create dangerous territory. The article entitled describes the triangulation of security, monetization, and politicizing in terms of data collection through three primary case studies: Cambridge Analytica and the Facebook scandal during the 2016 United States presidential election, Apple v. FBI, and Edward Snowden and the NSA surveillance activities. It explores how data harvesting and subsequent monetization is embedded in virtually every aspect of our culture and develops understanding of how corporate social responsibility calls for companies to respect and maintain transparency with consumer interests. Current technology policies leaves open spaces for violation both internally and internationally, and why this constitutes certain offensive measures. Future data and privacy legislation, with strong consideration to the varying social contexts, resources, and current international relations. This is done under the underlying assumption that data is an irreplaceable factor in our global progression and is irrevocably embedded into our society. Over-regulation or under-regulation of big tech may lead to negative repercussions to our security or individual privacy rights. These ideas are becoming increasingly understood by the general public and are considered worthy of concern after seeing glimpses of the depth of surveillance and information held by either the government or corporations. 
While there are intense emotions and opinions on the matter, my article takes an objective and well-rounded perspective to address the interlocking complexities of individual freedoms, need for international cyberspace protection, and continued profitability of data. The idea of personal data and information being manipulated and used against citizens for financial or political agendas is rightfully horrifying the public; my article therefore takes into account these concerns while suggesting further navigating the political, legal, and social process in alignment with the ever-growing power of big data.
49

Nikolova, Evgeniya, Mariya Monova-Zheleva, and Yanislav Zhelev. "Personal Data Processing in a Digital Educational Environment." Mathematics and Informatics LXV, no. 4 (August 30, 2022): 365–78. http://dx.doi.org/10.53656/math2022-4-4-per.

Abstract:
New technologies provide innovative spaces for cooperation and communication between employers and employees, citizens and structures, educators, and learners. Data protection issues have always been key to education providers, but the proliferation of online learning forms and formats poses new and unique challenges in this regard. When introducing a new technology that involves the collection of sensitive data, the General Data Protection Regulation (GDPR) of the European Parliament and the Council of the European Union requires the identification and mitigation of all risks that could lead to the misuse of personal data. The article discusses some critical points regarding the application of GDPR in online learning. The goal of this article is to investigate the vulnerabilities to personal data security during online learning and to identify methods that schools and universities may apply to ensure that personal data are kept private while students utilize online platforms to learn. For the purposes of the research, the published privacy, and data protection policies of all Bulgarian universities as well as papers on how universities could adapt to the new EU General Data Protection Regulation were revised and analysed. Best practices of some foreign universities in this regard were studied as well.
50

Arellano, April Moreno, Wenrui Dai, Shuang Wang, Xiaoqian Jiang, and Lucila Ohno-Machado. "Privacy Policy and Technology in Biomedical Data Science." Annual Review of Biomedical Data Science 1, no. 1 (July 20, 2018): 115–29. http://dx.doi.org/10.1146/annurev-biodatasci-080917-013416.

Abstract:
Privacy is an important consideration when sharing clinical data, which often contain sensitive information. Adequate protection to safeguard patient privacy and to increase public trust in biomedical research is paramount. This review covers topics in policy and technology in the context of clinical data sharing. We review policy articles related to (a) the Common Rule, HIPAA privacy and security rules, and governance; (b) patients’ viewpoints and consent practices; and (c) research ethics. We identify key features of the revised Common Rule and the most notable changes since its previous version. We address data governance for research in addition to the increasing emphasis on ethical and social implications. Research ethics topics include data sharing best practices, use of data from populations of low socioeconomic status (SES), recent updates to institutional review board (IRB) processes to protect human subjects’ data, and important concerns about the limitations of current policies to address data deidentification. In terms of technology, we focus on articles that have applicability in real world health care applications: deidentification methods that comply with HIPAA, data anonymization approaches to satisfy well-acknowledged issues in deidentified data, encryption methods to safeguard data analyses, and privacy-preserving predictive modeling. The first two technology topics are mostly relevant to methodologies that attempt to sanitize structured or unstructured data. The third topic includes analysis on encrypted data. The last topic includes various mechanisms to build statistical models without sharing raw data.