Search results

1 – 10 of over 61000
Article
Publication date: 9 October 2017

Jacqueline Cope, Francois Siewe, Feng Chen, Leandros Maglaras and Helge Janicke

Abstract

Purpose

This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes to include unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisations manage sensitive data in non-production environments.

Design/methodology/approach

The authors conducted a thorough literature review on areas related to data leakage from non-production systems. By doing an analysis of advice, guidelines and frameworks that aim at finding a practical solution for selecting and implementing a de-identification solution of sensitive data, the authors managed to highlight the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed which was evaluated by conducting a set of guided interviews.

Findings

This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation’s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section; they should be of interest to the business area that is responsible for the data held.

Originality/value

This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.

Details

Information & Computer Security, vol. 25 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 29 July 2021

Jillian Carmody, Samir Shringarpure and Gerhard Van de Venter

Abstract

Purpose

The purpose of this paper is to demonstrate privacy concerns arising from the rapidly increasing advancements and use of artificial intelligence (AI) technology and the challenges of existing privacy regimes to ensure the on-going protection of an individual’s sensitive private information. The authors illustrate this through a case study of energy smart meters and suggest a novel combination of four solutions to strengthen privacy protection.

Design/methodology/approach

The authors illustrate how, through smart meter obtained energy data, home energy providers can use AI to reveal private consumer information such as households’ electrical appliances, their time and frequency of usage, including number and model of appliance. The authors show how this data can further be combined with other data to infer sensitive personal information such as lifestyle and household income due to advances in AI technologies.

Findings

The authors highlight data protection and privacy concerns which are not immediately obvious to consumers due to the capabilities of advanced AI technology and its ability to extract sensitive personal information when applied to large overlapping granular data sets.

Social implications

The authors question the adequacy of existing privacy legislation to protect sensitive inferred consumer data from AI-driven technology. To address this, the authors suggest alternative solutions.

Originality/value

The original value of this paper is that it illustrates new privacy issues brought about by advances in AI, failings in current privacy legislation and implementation and opens the dialog between stakeholders to protect vulnerable consumers.

Details

Journal of Information, Communication and Ethics in Society, vol. 19 no. 4
Type: Research Article
ISSN: 1477-996X

Open Access
Book part
Publication date: 9 December 2021

Alex Stedmon and Daniel Paul

Abstract

In many security domains, the ‘human in the system’ is often a critical line of defence in identifying, preventing and responding to any threats (Saikayasit, Stedmon, & Lawson, 2015). Traditionally, such security domains are often focussed on mainstream public safety within crowded spaces and border controls, through to identifying suspicious behaviours, hostile reconnaissance and implementing counter-terrorism initiatives. More recently, with growing insecurity around the world, organisations have looked to improve their security risk management frameworks, developing concepts which originated in the health and safety field to deal with more pressing risks such as terrorist acts, abduction and piracy (Paul, 2018). In these instances, security is usually the specific responsibility of frontline personnel with defined roles and responsibilities operating in accordance with organisational protocols (Saikayasit, Stedmon, Lawson, & Fussey, 2012; Stedmon, Saikayasit, Lawson, & Fussey, 2013). However, understanding the knowledge that frontline security workers might possess and use requires sensitive investigation in equally sensitive security domains.

This chapter considers how to investigate knowledge elicitation in these sensitive security domains and underlying ethics in research design that supports and protects the nature of investigation and end-users alike. This chapter also discusses the criteria used for ensuring trustworthiness as well as assessing the relative merits of the range of methods adopted.

Article
Publication date: 21 December 2017

Leonor Rodriguez

Abstract

Purpose

The purpose of this paper is to focus on the methodological challenges in the design and implementation of an emotionally sensitive topic involving research with adolescents based on a study evaluating the experiences of adolescents and families facing a diagnosis of maternal cancer.

Design/methodology/approach

This conceptual paper builds an argument based on experiences from the field of qualitative data collection with adolescents and builds on arguments that were identified in the literature to provide a detailed argument on the methodological challenges that researchers can face while undertaking sensitive research with young people.

Findings

Carrying out research on sensitive topics is challenging because rigour can be affected by real people experiencing pain, sorrow and other emotions linked to sensitive and difficult moments in their lives. Researchers need to decide how they will deal with the emotional impact that these topics can have on them as people but also continue to carry out high quality research.

Originality/value

This paper adds to the current body of knowledge by describing the challenges faced in the field carrying out data on sensitive issues with adolescents but it also provides alternatives and solutions on how these limitations can be overcome from early stages of the research design until the dissemination of results.

Details

Qualitative Research Journal, vol. 18 no. 1
Type: Research Article
ISSN: 1443-9883

Open Access
Article
Publication date: 22 July 2020

Nsikak P. Owoh and M. Mahinderjit Singh

Abstract

The proliferation of mobile phones with integrated sensors makes large scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of users such as their real-time location. When such information is not effectively secured, users’ privacy can be violated due to eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to location information of a user during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from Google Play Store and results showed a 100% success rate in traffic interception and disclosure of sensitive information of users. As a countermeasure, a security scheme which ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors is ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android based sensor data against eavesdropping, information disclosure and data modification.

Details

Applied Computing and Informatics, vol. 18 no. 1/2
Type: Research Article
ISSN: 2210-8327

Article
Publication date: 13 December 2023

Yuanyuan Guo, Chaoyou Wang and Xiaoting Chen

Abstract

Purpose

This study aims to examine the relative effectiveness of functional and financial remedies in influencing customers' negative coping responses in the event of a data breach. It also uncovers the different mediating roles played by customers' feelings of anger and fear in the process of data breach recovery. This study thus differs from the literature, which has primarily focused on the impact of financial compensation and apologies for service failures in face-to-face environments.

Design/methodology/approach

Two scenario-based experiments were conducted to empirically validate the model. The authors received 302 copies of the questionnaire, of which 269 were valid.

Findings

This study finds that functional remedies are more effective than financial remedies when sensitive information has been compromised, but there is no significant difference between the effectiveness of the two remedies when nonsensitive information has been compromised. In addition, functional remedies influence negative coping behaviors directly and indirectly; the indirect effect is achieved through the reduction of fear and anger. Contrary to the authors' expectation, financial remedies do not have a direct effect on negative coping behaviors; they can indirectly affect negative coping behaviors by reducing anger but do not affect negative coping behaviors by reducing fear.

Practical implications

This study provides key insights into how to manage customer reactions in the event of a data breach, suggesting the use of carefully designed recovery strategies. Companies must attend to customers' specific emotional responses to manage their negative coping behaviors.

Originality/value

This study extends the limited literature on data breach recovery actions by investigating the different effectiveness of functional and financial remedies in the event of a data breach. It also uncovers how functional and financial recovery strategies affect customers' negative coping behaviors by revealing the different mediating effects of fear and anger.

Details

Journal of Enterprise Information Management, vol. 37 no. 1
Type: Research Article
ISSN: 1741-0398

Article
Publication date: 18 May 2020

Eleni-Laskarina Makri, Zafeiroula Georgiopoulou and Costas Lambrinoudakis

Abstract

Purpose

This study aims to assist organizations to protect the privacy of their users and the security of the data that they store and process. Users may be the customers of the organization (people using the offered services) or the employees (users who operate the systems of the organization). To be more specific, this paper proposes a privacy impact assessment (PIA) method that explicitly takes into account the organizational characteristics and employs a list of well-defined metrics as input, demonstrating its applicability to two hospital information systems with different characteristics.

Design/methodology/approach

This paper presents a PIA method that employs metrics and takes into account the peculiarities and other characteristics of the organization. The applicability of the method has been demonstrated on two Hospital Information Systems with different characteristics. The aim is to assist the organizations to estimate the criticality of potential privacy breaches and, thus, to select the appropriate security measures for the protection of the data that they collect, process and store.

Findings

The results of the proposed PIA method highlight the criticality of each privacy principle for every data set maintained by the organization. The method employed for the calculation of the criticality level takes into account the consequences that the organization may experience in case of a security or privacy violation incident on a specific data set, the weighting of each privacy principle and the unique characteristics of each organization. So, the results of the proposed PIA method offer a strong indication of the security measures and privacy enforcement mechanisms that the organization should adopt to effectively protect its data.

Originality/value

The novelty of the method is that it handles security and privacy requirements simultaneously, as it uses the results of risk analysis together with those of a PIA. A further novelty of the method is that it introduces metrics for the quantification of the requirements and also that it takes into account the specific characteristics of the organization.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 15 July 2021

Nehemia Sugianto, Dian Tjondronegoro, Rosemary Stockdale and Elizabeth Irenne Yuwono

Abstract

Purpose

The paper proposes a privacy-preserving artificial intelligence-enabled video surveillance technology to monitor social distancing in public spaces.

Design/methodology/approach

The paper proposes a new Responsible Artificial Intelligence Implementation Framework to guide the proposed solution's design and development. It defines responsible artificial intelligence criteria that the solution needs to meet and provides checklists to enforce the criteria throughout the process. To preserve data privacy, the proposed system incorporates a federated learning approach to allow computation performed on edge devices to limit sensitive and identifiable data movement and eliminate the dependency of cloud computing at a central server.

Findings

The proposed system is evaluated through a case study of monitoring social distancing at an airport. The results discuss how the system can fully address the case study's requirements in terms of its reliability, its usefulness when deployed to the airport's cameras, and its compliance with responsible artificial intelligence.

Originality/value

The paper makes three contributions. First, it proposes a real-time social distancing breach detection system on edge that extends from a combination of cutting-edge people detection and tracking algorithms to achieve robust performance. Second, it proposes a design approach to develop responsible artificial intelligence in video surveillance contexts. Third, it presents results and discussion from a comprehensive evaluation in the context of a case study at an airport to demonstrate the proposed system's robust performance and practical usefulness.

Details

Information Technology & People, vol. 37 no. 2
Type: Research Article
ISSN: 0959-3845

Book part
Publication date: 12 December 2017

Leanne Townsend and Claire Wallace

Abstract

Over the past decade, the number of people engaging with social media has grown rapidly. This means that social media platforms such as Twitter and Facebook are potentially good sources of rich, naturally occurring data. As a result, a growing number of researchers are utilizing these platforms for the collection of data on any number of topics. To date, no consistent approach to the ethics of using social media data has been provided to researchers in this sphere. This chapter presents research that has developed an ethics framework for the use of researchers working with social media data. The chapter also presents the framework itself and guidance on how to use the framework when conducting social media research. A full report can be accessed on: http://www.abdn.ac.uk/socsci/research/new-europe-centre/information-societies-projects-225.php

Details

The Ethics of Online Research
Type: Book
ISBN: 978-1-78714-486-6

Article
Publication date: 14 October 2022

Hosea Ofe, Harm Minnema and Mark de Reuver

Abstract

Purpose

This paper aims to propose a framework for how privacy-preserving technologies (PETs) create business value for organizations. The framework was developed by examining the literature on privacy and information technology’s impact (symbolic and function). The authors evaluate the framework’s applicability using multiparty computation (MPC) as an instance of PETs, with expert interviews in the telecommunication industry.

Design/methodology/approach

In an illustrative case of four telecommunication companies, the authors conducted semi-structured interviews with experts and used MPC as an instance of PET.

Findings

The evaluation of the framework indicates that PETs create business value for organizations: enhancing customer interactions, sales, personalized services, predicting market trends and collaboration among organizations. The findings show that business value of PETs is mainly driven by consumers and organizations willing to share data and collaborate.

Research limitations/implications

This study was limited to the telecom sector and focused on MPC as an instance of PET. Further studies should be conducted to explore the benefits of other PETs and MPC. Future research could find out if this framework is also helpful for implementing other PETs or even other types of technology. The authors’ framework provides factors that future studies can use to quantify the impact of PETs. The authors hope that this framework provides an overarching reference for organizations considering the adoption of PETs.

Practical implications

The authors’ findings inform managers in exploring the business value of PETs for organizations. This study also provides insights into which costs and risks to consider when implementing PETs.

Originality/value

This study is one of the few to propose a framework on how PETs create business value for organizations. Future research can use factors in the framework (e.g. customer interactions, sales, personalized services and market trend prediction) to conduct a quantitative study on PETs’ business value. Managers adopting PETs can use the framework to identify areas where PETs impact their organization.

Details

Digital Policy, Regulation and Governance, vol. 24 no. 6
Type: Research Article
ISSN: 2398-5038
