Marketingové využití osobních údajů klientů v bankovnictví / Marketing application of personal data of clients in banking

Šotola, Jiří

January 2012

The master thesis named "Marketing application of personal data of clients in banking" combines themes of personal data and marketing. The first part is devoted to the protection of personal data in general, sources from which financial institution gain data of their clients and support for this in the legislation. The second part deals with specific cases of marketing application of personal data and trying to find the solution of its problematic parts. A large part is devoted to the personal data processing as an core act between processors and data subjects and CRM, as a possible way of client data application.

A secure client/server java application programming interface

Lachheb, Tawfik

01 January 2004

The purpose of this project is to develop a generic Java Application Programming Interface (API) that would be used to provide security and user privacy to functions such as data transfer, key management, digital signature, etc.

Computer security

Data protection

Client/server computing

Java (Computer program language)

Data encryption (Computer science)

Consumer protection

Information Security

Hur påverkas systemutvecklingsprocessen av implementeringen av GDPR / Does the implementation of GDPR affect the system development process?

Andersson, Adam, Syldevik, Christoffer

January 2019

On May 25th 2018 a new general data protection regulation called GDPR took effect. The regulation contains rules regarding usage, storage and handling of data from individuals resident within The European Union. The new regulation caused big headlines regarding the impact GDPR would have on the affected enterprises and organizations. One aspect that hasn’t been mentioned considerably is how GDPR has and will affect the system development process. The difficulty with implementing GDPR has shown to have its origin in the fact that the regulation is fairly new which means that it’s still ambiguous and difficult to apply. That means that there has been room for different takes on GDPR and its rules which has contributed to various opinions on how GDPR should be implemented. The purpose of this thesis was to study how the implementation of GDPR has affected the system development process among enterprises and organizations. The method that has been used in the thesis is a qualitative interview study of two enterprises. The acquired data have been collected mainly from four interviewing persons, two from each enterprise. The data collected from the interviews has been analyzed with the method grounded theory. The conclusion of the thesis is that the system development process has been affected by the implementation of GDPR. The regulation is however not believed to affect the enterprises to the extent that any extensive restructuring has been necessary. Based on the result from the interviews it is rather believable that GDPR actually had a positive effect among the enterprises. The thesis also resulted in a model which illustrates the system development process and the aspects of GDPR considered to have a substantial effect.

System development process

GDPR

Privacy by design

Privacy by default

Data protection

Computer and Information Sciences

Data- och informationsvetenskap

En kommunikativ process? : Arkiv och integritet i processen bakom dataskyddslagen

Bergli, Alicia

January 2019

The aim of this thesis is to examine what kind of archival issues have been discussed in the legislation process that lead to the Swedish national Data Protection Act and the associated regulation with additional terms, if achange in focus occurred during this process and examine how these results show about how legislative actorsview personal privacy. To answer that aim a critical discourse analysis of the legislative documents from theGeneral Data Protection Regulation (GDPR) leading up to the complete legislative acts was used in combinationwith Pekka Henttonens theory about how the nature of privacy issues has changed in a more digitalized environment. A result of the analysis is that the themes of the archival issues that is being discussed in the legislative processis mostly related to general rules, sensitive information, safe guards, further processing, archival materialthat has been submitted to an archive authority, and certain exceptions from some of the rights of the data subject.These themes are being discussed both in relation to those kinds of archives that is governed by archivallegislation and those kinds of archives that are not governed by archival legislation. Another result of the study isthat even though several attempts to affect the legislative process is made by respondents very few changes isactually made after the inquiry report is completed. The last result of the study is that the legislative actors havenot fully changed their view on privacy, even though some aspects of it has changed.This is a two years master’s thesis in Archival Science.

Integrity

archive

data protection

legislation

personal data

Integritet

arkiv

dataskydd

lagstiftning

personuppgifter

Other Humanities not elsewhere specified

Övrig annan humaniora

The Impact of Information Security Awareness on Compliance with Information Security Policies: a Phishing Perspective

Hanus, Bartlomiej T.

08 1900

This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by proposing and validating a universal definition of security awareness. It provides practitioners with an instrument to examine awareness in a plethora of settings and design customized security training activities.

security awareness

policy compliance

phishing

threat avoidance

information security

Data protection.

Computer networks -- Security measures.

Phishing -- Case studies.

Authenticated query processing in the cloud

Xu, Cheng

19 February 2019

With recent advances in data-as-a-service (DaaS) and cloud computing, outsourcing data to the cloud has become a common practice. In a typical scenario, the data owner (DO) outsources the data and delegates the query processing service to a service provider (SP). However, as the SP is often an untrusted third party, the integrity of the query results cannot be guaranteed and is thus imperative to be authenticated. To tackle this issue, a typical approach is letting the SP provide a cryptographic proof, which can be used to verify the soundness and completeness of the query results by the clients. Despite extensive research on authenticated query processing for outsourced databases, existing techniques have only considered limited query types. They fail to address a variety of needs demanded by enterprise customers such as supporting aggregate queries over set-valued data, enforcing fine-grained access control, and using distributed computing paradigms. In this dissertation, we take the first step to comprehensively investigate the authenticated query processing in the cloud that fulfills the aforementioned requirements. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under a wide range of system settings.

Zálohování dat a datová úložiště / Data Backup and Data Storages

Spáčil, Michael

January 2021

The diploma thesis is focused on the design of a backup system to increase the efficiency of working with stored data and increase the security of stored data. The analysis of the current state describes the company itself and also the backup system using the audit portal Zefis.cz. The following part describes the design of a new backup system that focuses on complexity using the cloud, magnetic tapes, and high server availability.

Entwicklung und Betrieb eines Anonymisierungsdienstes für das WWW

Köpsell, Stefan

02 March 2010

Die Dissertation erläutert, wie ein Anonymisierungsdienst zu gestalten ist, so daß er für den durchschnittlichen Internetnutzer benutzbar ist. Ein Schwerpunkt dabei war die Berücksichtigung einer möglichst holistischen Sichtweise auf das Gesamtsystem "Anonymisierungsdienst". Es geht daher um die ingenieurmäßige Berücksichtigung der vielschichtigen Anforderungen der einzelnen Interessengruppen. Einige dieser Anforderungen ergeben sich aus einem der zentralen Widersprüche: auf der einen Seite die Notwendigkeit von Datenschutz und Privatheit für den Einzelnen, auf der anderen Seite die ebenso notwendige Überwachbarkeit und Zurechenbarkeit, etwa für die Strafverfolgung. Die Dissertation beschäftigt sich mit dem Aufzeigen und Entwickeln von technischen Möglichkeiten, die zur Lösung dieses Widerspruches herangezogen werden können.

info:eu-repo/classification/ddc/004

ddc:004

Protecting Privacy: Automatic Compression and Encryption of Next-Generation Sequencing Alignment Data

Gustafsson, Wiktor

January 2019

As the field of next-generation sequencing (NGS) matures and the technology grows more advanced, it is becoming an increasingly strong tool for solving various biological problems. Harvesting and analysing the full genomic sequence of an individual and comparing it to a reference genome can unravel information about detrimental mutations, in particular ones that give rise to diseases such as cancer. At the Rudbeck Laboratory, Uppsala University, a fully automatic software pipeline for somatic mutational analysis of cancer patient sequence data is in development. This will increase the efficiency and accuracy of a process which today consists of several discrete computation steps. In turn, this will reduce the time to result and facilitate the process of making a diagnosis and delegate the optimal treatment for the patient. However, the genomic data of an individual is very sensitive and private, which demands that great security precautions are taken. Moreover, as more and more data are produced storage space is becoming increasingly valuable, which requires that data are handled and stored as efficiently as possible. In this project, I developed a Python pipeline for automatic compression and encryption of NGS alignment data, which aims to ensure full privacy protection of patient data while maintaining high computational and storage efficiency. The pipeline uses a state-of-the-art real-time compression algorithm combined with an Advanced Encryption Standard cipher. It offers security that meets rigorous modern standards, and performance which at least matches that of existing solutions. The system is made to be easily integrated in the somatic mutation analysis pipeline. This way, the data generated during the analysis, which are too large to be kept in operational memory, can safely be stored to disk.

data protection

compression

encryption

genomic data

privacy

cancer

ngs

next-generation sequencing

AES

Zstandard

sequencing

Bioinformatics and Systems Biology

Bioinformatik och systembiologi

Privacy in RFID Transit Systems : A case study of SL - Storstockholms Lokaltrafik

Ilesanmi, Olufemi Olajide

January 2015

Radio Frequency Identification (RFID) is a technology that facilitates wirelesscommunication. It is being widely used for access control purposes to aid administration ofservices. As with most wireless technologies, RFID has its challenges, due to its medium (radio waves) of communication, which makes it susceptible to signal interception and other possible attacks. The goal of this project is to investigate the insecurities in the implementation of the RFID system in transit (Storstockholms Lokaltrafik, Stockholm) systems. Due to the nature of the system, spatial information about consumers are accumulated over time thereby attracting some level of interests either legitimate or illegitimate, and raising some concerns. This thesis, takes into consideration the vulnerabilities of the RFID system and the potential security risks consumers of the system are exposed to, a detailed analysis is carried out on the existing infrastructure with the goal of exposing the shortcomings of the systems and proposing mitigating solutions. After an extensive work, seven (7) threats to privacy and security of RFID users were elaborated. Also discussion, about how different legislations around the world enforced data handling regulations in relation to commuter data, is carried out. Finally, most recent threats to consumer privacy are taken into consideration, as well as security in the mass transit field to put together a list of recommended safe practices. The work shows that RFID does pose significant threat to consumer privacy. One might argue that RFID has its benefits in its various implementations. However the fact remains that there are issues with regards to privacy that must to be addressed.

RFID (radio frequency identification)

Consumer Profiling

Data mining

Behavioral targeting

Data protection

Privacy

Computer and Information Sciences

Data- och informationsvetenskap