| 1. |
- Mayer, Peter, et al.
(författare)
-
Reliable behavioural factors in the information security context
- 2017
-
Ingår i: ARES '17 Proceedings of the 12th International Conference on Availability, Reliability and Security. - New York : Association for Computing Machinery (ACM). - 9781450352574
-
Konferensbidrag (refereegranskat)abstract
- Users do often not behave securely when using information technology. Many studies have tried to identify the factors of behavioural theories which can increase secure behaviour. The goal of this work is to identify which of the factors are reliably associated with secure behaviour across multiple studies. Those factors are of interest to information security professionals since addressing them in security awareness and education campaigns can help improving security related processes of users. To attain our goal, we conducted a systematic literature review and assessed the reliability of the factors based on the effect sizes reported in the literature. Our results indicate that 11 out of the 14 factors from well established behavioural theories can be associated with reliable effects in the information security context. These factors cover very different aspects: influence of the users skills, whether the environment makes it possible to exhibit secure behaviour, the influence of friends or co-workers, and the perceived properties of the secure behaviour (e.g. response cost). Also, we identify areas, where more studies are needed to increase the confidence of the factors' reliability assessment.
|
|
| 2. |
|
|
| 3. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Implications of Privacy & Security Research for the Upcoming Battlefield of Things
- 2019
-
Ingår i: Journal of Information Warfare. - : Peregrine Technical Solutions, LLC. - 1445-3312. ; 17:4, s. 72-87
-
Tidskriftsartikel (refereegranskat)abstract
- This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. Based on this scenario, the authors discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
|
|
| 4. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Applications of Privacy and Security Research in the Upcoming Battlefield of Things
- 2018
-
Ingår i: Proceedings of the 17th European Conference on Cyber Warfare and Security. - Reading : Academic Conferences and Publishing International Limited. - 9781911218852 - 9781911218869
-
Konferensbidrag (refereegranskat)abstract
- This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
|
|
| 5. |
- Iwaya, Leonardo H
(författare)
-
Secure and Privacy-aware Data Collection and Processing in Mobile Health Systems
- 2016
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information raises however new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems, have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consists of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of a MDCS (GeoHealth); with the design of Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.
|
|
| 6. |
- Iwaya, Leonardo H
(författare)
-
Engineering Privacy for Mobile Health Data Collection Systems in the Primary Care
- 2019
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.
|
|
| 7. |
- Iwaya, Leonardo H, et al.
(författare)
-
Mobile Health Systems for Community-Based Primary Care : Identifying Controls and Mitigating Privacy Threats
- 2019
-
Ingår i: JMIR mhealth and uhealth. - CANADA : JMIR Publications. - 2291-5222. ; 7:3, s. 1-16
-
Tidskriftsartikel (refereegranskat)abstract
- Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.
|
|
| 8. |
-
Privacy and Identity Management : The Smart Revolution
- 2018
-
Proceedings (redaktörskap) (refereegranskat)abstract
- This book contains selected papers presented at the 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, held in Ispra, Italy, in September 2017.The 12 revised full papers, 5 invited papers and 4 workshop papers included in this volume were carefully selected from a total of 48 submissions and were subject to a three-phase review process. The papers combine interdisciplinary approaches to bring together a host of perspectives: technical, legal, regulatory, socio-economic, social, societal, political, ethical, anthropological, philosophical, and psychological. They are organized in the following topical sections: privacy engineering; privacy in the era of the smart revolution; improving privacy and security in the era of smart environments; safeguarding personal data and mitigating risks; assistive robots; and mobility and privacy.
|
|
| 9. |
|
|
| 10. |
- Weber, Stefan G, et al.
(författare)
-
Crafting Requirements for Mobile and Pervasive Emergency Response based on Privacy and Security by Design Principles
- 2013
-
Ingår i: International Journal of Information Systems for Crisis Response and Management. - New York : IGI Global. - 1937-9390 .- 1937-9420. ; 5:2, s. 1-18
-
Tidskriftsartikel (refereegranskat)abstract
- According to fundamental principles of the Privacy by Design approach, the consultation of privacy issues should be embedded into analysis and design of information systems, from the early stages of system planning to implementation. In this article, we extend this perspective towards Privacy and Security by Design. Exemplary focusing on mobile and pervasive emergency response, as a specific area of the emergency management domain, this article conveys how the early requirements elicitation can be supported by a semantically integrated conceptual modeling method. Presenting the results of the exemplary executed elicitation processes, it contributes a concrete set of security and privacy requirements for mobile and pervasive emergency response settings. By also taking into account conflicting security goals, this article provides a substantial grounding for the development and deployment of multilaterally secure pervasive ICT that effectively supports emergency management during and in the aftermath of critical response missions.
|
|
