Utilizing normative theories to develop ethical actions for better privacy practices
Zareef A. Mohammed, G. Tejay, Joseph Squillace
International Journal of Information Security and Privacy, pp. 296-315. Pub Date: 2017-10-02. DOI: 10.1080/15536548.2017.1419018
ABSTRACT This study examines the privacy practices of organizations. We argue that successful deployment of privacy practices based on ethical actions will strengthen privacy protection measures to better protect clients’ PII. We propose a set of ethical actions based on six normative theories following a multiple case study approach to study three prominent data breaches. Our analysis indicates that ethical actions based on normative theories can be effective in developing better privacy practices for organizations. The theory that has the strongest effect on privacy practices is the deontological approach, while the liberal-intuitive has the weakest effect on privacy practices.

RSVP a temporal method for graphical authentication
Ashley A. Cain, J. Still
International Journal of Information Security and Privacy, pp. 226-237. Pub Date: 2017-10-02. DOI: 10.1080/15536548.2017.1397263
ABSTRACT We present a Rapid, Serial, Visual Presentation method (RSVP) for recognition-based graphical authentication. It presents a stream of rapid, degraded images, which makes the object recognition process difficult for casual attackers. Three studies investigated success rates for authenticating, RSVP’s resistance to over-the-shoulder attacks (OSAs), approaches for facilitating learnability, and effects of resetting a passcode. We found that participants could successfully authenticate and could not complete OSAs. Learnability was promoted by the presentation of degraded versions of the images during the memorization phase. When a passcode was reset, participants successfully retrained themselves even when the previous passcode was recycled as distractors.

A study of web privacy policies across industries
Razieh Nokhbeh Zaeem, Suzanne Barber
International Journal of Information Security and Privacy, pp. 169-185. Pub Date: 2017-10-02. DOI: 10.1080/15536548.2017.1394064
ABSTRACT Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate 10 different privacy pertinent factors in them. The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies lets users correct their PII but does not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry.

Long-term market implications of data breaches, not
Russell Lange, Eric W. Burger
International Journal of Information Security and Privacy, pp. 186-206. Pub Date: 2017-10-02. DOI: 10.1080/15536548.2017.1394070
ABSTRACT This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as represented through selected indices rather than the market as a whole. Financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement.

Privacy protection and adding security strength
Chuleeporn Changchit, K. Bagchi
International Journal of Information Security and Privacy, p. 103. Pub Date: 2017-07-03. DOI: 10.1080/15536548.2017.1357381
This is the third issue of 2017. I am glad to see that the journal continues to grow and we have begun to see articles submitted from many countries of the world as well as a variety of topics. The current issue includes a wide spectrum of articles. The main focus lies on the issues of protecting consumers’ privacy as well as strengthening the security by using a stronger password. The first article titled “Detecting and Preventing Inference Attacks in Online Social Networks: A Data-Driven and Holistic Framework” by Xiaoyun He and Haibing Lu proposed a framework to alleviate the rule-based inference problem by detecting and breaking the inferences that are represented as rules of attributes and/or attribute values. The authors believed that the proposed framework should enable individual users to check their online profiles for satisfaction of their privacy preferences and allow them to modify profiles to prevent the disclosure of private information. In this article, the authors also proposed a novel method to minimize the modifications to user profiles in order to prevent inference attacks while preserving the utility. In the second article titled “Invasion of Privacy by Smart Meters: An Analysis of Consumer Concerns,” the authors Ziyue Huang and Prashant Palvia developed an instrument to measure the consumers’ concerns for information privacy (CFIP) in adopting smart meters. They then proposed a conceptual model to examine the relationship between privacy concerns, trusting beliefs, risk beliefs, and intention to adopt smart meters. Based on the data collected from 217 survey respondents, the study findings revealed that consumers’ information privacy concerns about adopting smart meters can be measured by three dimensions: collection, secondary use, and improper access. In addition, the effect of information privacy concerns on behavioral intention is fully mediated by risk beliefs. The result also suggested that among the control variables, education has a positive effect on intention, while privacy experience has a negative effect. The third article titled “Valuing Information Security: A Look at the Influence of User Engagement on Information Security Strength” by Randall J. Boyle, Chandrashekar D. Challa, and Jeffrey A. Clements focused on the influence of user engagement on users’ information security practices. The study took a closer look at the passwords people are using. The authors pointed out that password strength is affected by some factors, such as the length of the password, the types of characters people used, the number of duplicate passwords, and the number of uncrackable passwords. The main focus of this study is to understand why some people choose better passwords than others. The findings generally support the view that higher levels of engagement are associated with stronger passwords. In the Book Review section, Faruk Arslan reviews the book titled Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy by Cathy O’Neil. The book consists of 10 chapters and discusses the shortcomings of data science applications. Overall, Dr. Arslan found the book to be interesting and well written, with many real-life examples, for researchers and practitioners alike. In his view, the book should be incorporated into any serious academic curriculum focused on data science.

Detecting and preventing inference attacks in online social networks: A data-driven and holistic framework
Xiaoyun He, Haibing Lu
International Journal of Information Security and Privacy, pp. 104-119. Pub Date: 2017-07-03. DOI: 10.1080/15536548.2017.1357383
ABSTRACT With increasing user involvement, social networks nowadays serve as a repository of all kinds of information. While there have been various studies demonstrating that private information can be inferred from social networks, few have taken a holistic view on designing mechanisms to detect and alleviate the inference attacks. In this study, we present a framework that leverages the social network data and data mining techniques to proactively detect and prevent possible inference attacks against users. A novel method is proposed to minimize the modifications to user profiles in order to prevent inference attacks while preserving the utility.

Invasion of privacy by smart meters: An analysis of consumer concerns
Ziyue Huang, Prashant C. Palvia
International Journal of Information Security and Privacy, pp. 120-136. Pub Date: 2017-07-03. DOI: 10.1080/15536548.2017.1357385
ABSTRACT While smart meters offer an innovative way to solve energy problems, they have also brought concerns regarding consumer privacy. In this study, we develop an instrument to measure the consumers’ concerns for information privacy (CFIP) in adopting smart meters, and propose a conceptual model to examine the relationship between privacy concerns, trusting beliefs, risk beliefs, and intention to adopt smart meters. Using both focus group study and survey methods, we show that CFIP can be measured by three dimensions: collection, secondary use, and improper access, and that the effect of CFIP on behavioral intention is fully mediated by risk beliefs.

Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, by Cathy O’Neil
Faruk Arslan
International Journal of Information Security and Privacy, pp. 157-159. Pub Date: 2017-07-03. DOI: 10.1080/15536548.2017.1357388
Data science has become one of the prominent topics both in academia and in industry in the recent years. With the growing capability of big data technologies coupled with many extant quantitative ...

Valuing Information Security: A Look at the Influence of User Engagement on Information Security Strength
Randall J. Boyle, Chandrashekar D. Challa, Jeffrey A. Clements
International Journal of Information Security and Privacy, pp. 137-156. Pub Date: 2017-07-03. DOI: 10.1080/15536548.2017.1357387
ABSTRACT This study looks at the influence of user engagement on users’ information security practices. A model describing how user engagement (user posts) may influence a person’s decision to employ better security measures (stronger passwords) is tested. Password strength was determined by looking at password length, the types of characters used, the variety of character sequences used, the number of duplicate passwords, and the number of uncrackable passwords. Passwords were tested using a variety of cracking techniques. This study found that individuals from an online gaming site who made more posts to the user forum employed stronger passwords.

Handling confidentiality and privacy on cloud-based health information systems
C. Serrão, Elsa Cardoso
International Journal of Information Security and Privacy, pp. 51-68. Pub Date: 2017-04-03. DOI: 10.1080/15536548.2017.1322415
ABSTRACT Health-related data include not only the patient’s personal information, but also specific information about the patient’s health problems, supplementary diagnostic examination results, and much more. All this information is extremely sensitive and should only be accessed by the proper entities and actors, for special specific purposes. Described herein is an approach to address security and privacy of health-related data based on rights management technologies, with an architecture to minimize security risks and privacy concerns. This approach consists of the reutilisation of an open-source and open-specifications rights management system, and designing and adapting the necessary components to address the specific security and privacy requirements that must be faced when managing health and patient data.