Information Privacy and Security Associated with Healthcare Technology Use

Amin, M A Shariful

07 1900

This dissertation consists of three studies that investigate the information privacy & security associated with healthcare technology use. Essay 1 PRISMA-style systematically reviews the existing literature on privacy information disclosure in IoT technology and serves as the theoretical foundation of the current research. It is crucial to comprehend why, how, and under what consequences individuals choose to disclose their personal and health information since doing so is beneficial to the company. This SLR method allows us to find those factors that significantly impact individuals' behavioral intention to disclose personal information while using IoT technologies. Essay 2 posits, develops, and tests a comprehensive theoretical framework built upon the theory of planned behavior and the health belief model to examine factors affecting willingness to disclose PHI in order to use WFDs. A research survey is designed and distributed to a crowdsourcing platform, Mechanical Turk (M-Turk). Research hypotheses are tested using partial least square – structural equation modeling (PLS-SEM). To achieve this purpose, Essay 3 extends the findings from the previous essay and further investigates the caregiver context. Therefore, we developed a novel theoretical model utilizing privacy calculus theory and the technology acceptance model to investigate the willingness of the elderly to disclose personal health information needed to use caregiver robots. Survey data were collected using crowdsourcing utilizing Amazon's Mechanical Turk (M-Turk) and Prolific. Research hypotheses are tested using partial least square – structural equation modelling (PLS-SEM). The findings provide value for academia, practitioners, and policymakers.

Privacy & Security

Healthcare Technology

InfoSec

Analysis of Background Check Policy in Higher Education

Owen, Gregory T

07 August 2012

In the higher education environment today, lack of agreement about background checks between campus community members, fueled by unresolved tensions between security and privacy, has led many universities to adopt a patchwork of fragmented background check policies. Many of these policies have been created and accepted without careful consideration of the wide array of risks and complexities involved with background checks. This policy analysis examined the experiences and history behind Georgia Institute of Technology’s adoption of background check policy. This was achieved through interviewing relevant constituents and analyzing of all available/related official policy documents associated with Georgia Tech’s Pre-employment Background Check Policy and Program. This dissertation presents a chronological account of the events and influences associated with Georgia Tech’s adoption and revision of background check policy. Results of this study offer valuable insights and recommendations for further study in order to assist higher education policy makers and HR professionals at other universities in making more informed decisions regarding the challenges involved with background check, and similar, policy. Some of these insights include an awareness of societal tensions that exist between privacy and security policy; the importance of understanding how national, local, and organizational level triggering events have shaped and contributed to higher education background check policy that is based on a general concern for security; and my recommendation for further study into background check policy as it will relate to the higher matriculation process.

Background Check Policy

Criminal History

Policy Evaluation

Privacy vs. Security

Risk Management

Pre-Employment Screening

Information Security Management of Healthcare System

Mahmood, Ashrafullah Khalid

January 2010

Information security has significant role in Healthcare organizations. The Electronic Health Record (EHR) with patient’s information is considered as very sensitive in Healthcare organization. Sensitive information of patients in healthcare has to be managed such that it is safe and secure from unauthorized access. The high-level quality care to patients is possible if healthcare management system is able to provide right information in right time to right place. Availability and accessibility are significant aspects of information security, where applicable information needs to be available and accessible for user within the healthcare organization as well as across organizational borders. At the same time, it is essentials to protect the patient security from unauthorized access and maintain the appropriate level in health care regarding information security. The aim of this thesis is to explore current management of information security in terms of Electronic Health Records (EHR) and how these are protected from possible security threats and risks in healthcare, when the sensitive information has to be communicated among different actors in healthcare as well as across borders. The Blekinge health care system was investigated through case study with conduction of several interviews to discover possible issues, concerning security threats to management of healthcare. The theoretical work was the framework and support for possible solutions of identified security risks and threats in Blekinge healthcare. At the end after mapping, the whole process possible guidelines and suggestions were recommended for healthcare in order to prevent the sensitive information from unauthorized access and maintain information security. The management of technical and administrative bodies was explored for security problems. It has main role to healthcare and in general, whole business is the responsibility of this management to manage the sensitive information of patients. Consequently, Blekinge healthcare was investigated for possible issues and some possible guidelines and suggestions in order to improve the current information security with prevention of necessary risks to healthcare sensitive information. / muqadas@gmail.com

Information Security

Electronic Health Records

Information Communication Technology

patient privacy and security

Computer Sciences

Datavetenskap (datalogi)

Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior

Das, Sauvik

01 May 2017

Despite substantial effort made by the usable security community at facilitating the use of recommended security systems and behaviors, much security advice is ignored and many security systems are underutilized. I argue that this disconnect can partially be explained by the fact that security behaviors have myriad unaccounted for social consequences. For example, by using two-factor authentication, one might be perceived as “paranoid”. By encrypting an e-mail correspondence, one might be perceived as having something to hide. Yet, to date, little theoretical work in usable security has applied theory from social psychology to understand how these social consequences affect people’s security behaviors. Likewise, little systems work in usable security has taken social factors into consideration. To bridge these gaps in literature and practice, I begin to build a theory of social cybersecurity and apply those theoretical insights to create systems that encourage better cybersecurity behaviors. First, through a series of interviews, surveys and a large-scale analysis of how security tools diffuse through the social networks of 1.5 million Facebook users, I empirically model how social influences affect the adoption of security behaviors and systems. In so doing, I provide some of the first direct evidence that security behaviors are strongly driven by social influence, and that the design of a security system strongly influences its potential for social spread. Specifically, security systems that are more observable, inclusive, and stewarded are positively affected by social influence, while those that are not are negatively affected by social influence. Based on these empirical results, I put forth two prescriptions: (i) creating socially grounded interface “nudges” that encourage better cybersecurity behaviors, and (ii) designing new, more socially intelligent end-user facing security systems. As an example of a social “nudge”, I designed a notification that informs Facebook users that their friends use optional security systems to protect their own accounts. In an experimental evaluation with 50,000 Facebook users, I found that this social notification was significantly more effective than a non-social control notification at attracting clicks to improve account security and in motivating the adoption of promoted, optional security tools. As an example of a socially intelligent cybersecurity system, I designed Thumprint: an inclusive authentication system that authenticates and identifies individual group members of a small, local group through a single, shared secret knock. Through my evaluations, I found that Thumprint is resilient to casual but motivated adversaries and that it can reliably differentiate multiple group members who share the same secret knock. Taken together, these systems point towards a future of socially intelligent cybersecurity that encourages better security behaviors. I conclude with a set of descriptive and prescriptive takeaways, as well as a set of open problems for future work. Concretely, this thesis provides the following contributions: (i) an initial theory of social cybersecurity, developed from both observational and experimental work, that explains how social influences affect security behaviors; (ii) a set of design recommendations for creating socially intelligent security systems that encourage better cybersecurity behaviors; (iii) the design, implementation and comprehensive evaluation of two such systems that leverage these design recommendations; and (iv) a reflection on how the insights uncovered in this work can be utilized alongside broader design considerations in HCI, security and design to create an infrastructure of useful, usable and socially intelligent cybersecurity systems.

Cybersecurity

Usable Privacy and Security

Social Psychology

HCI

Data Science

Ubiquitous Computing

Measuring the Impact of email Headers on the Predictive Accuracy of Machine Learning Techniques

Tout, Hicham Refaat

01 January 2013

The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning algorithms to detect phishing attack did increase the predictive accuracy of these learning algorithms. The same research also recommended further investigation of the impact of including an expanded set of email headers on the predictive accuracy of machine learning algorithms. In addition, research has shown that the cost of misclassifying legitimate emails as phishing attacks--false positives--was far higher than that of misclassifying phishing emails as legitimate--false negatives, while the opposite was true in the case of fraud detection. Consequently, they recommended that cost sensitive measures be taken in order to further improve the weighted predictive accuracy of machine learning algorithms. Motivated by the potentially high impact of the inclusion of email headers on the predictive accuracy of machines learning algorithms and the significance of enabling cost-sensitive measures as part of the learning process, the goal of this research was to quantify the impact of including an extended set of email headers and to investigate the impact of imposing penalty as part of the learning process on the number of false positives. It was believed that if email headers were included and cost-sensitive measures were taken as part of the learning process, than the overall weighted, predictive accuracy of the machine learning algorithm would be improved. The results showed that adding email headers as features did improve the overall predictive accuracy of machine learning algorithms and that cost-sensitive measure taken as part of the learning process did result in lower false positives.

email based attacks

information security

logistic regression

machine learning

phishing

privacy and security

Computer Sciences

Personalising privacy contraints in Generalization-based Anonymization Models / Personnalisation de protection de la vie privée sur des modèles d'anonymisation basés sur des généralisations

Michel, Axel

08 April 2019

Les bénéfices engendrés par les études statistiques sur les données personnelles des individus sont nombreux, que ce soit dans le médical, l'énergie ou la gestion du trafic urbain pour n'en citer que quelques-uns. Les initiatives publiques de smart-disclosure et d'ouverture des données rendent ces études statistiques indispensables pour les institutions et industries tout autour du globe. Cependant, ces calculs peuvent exposer les données personnelles des individus, portant ainsi atteinte à leur vie privée. Les individus sont alors de plus en plus réticent à participer à des études statistiques malgré les protections garanties par les instituts. Pour retrouver la confiance des individus, il devient nécessaire de proposer dessolutions de user empowerment, c'est-à-dire permettre à chaque utilisateur de contrôler les paramètres de protection des données personnelles les concernant qui sont utilisées pour des calculs.Cette thèse développe donc un nouveau concept d'anonymisation personnalisé, basé sur la généralisation de données et sur le user empowerment.En premier lieu, ce manuscrit propose une nouvelle approche mettant en avant la personnalisation des protections de la vie privée par les individus, lors de calculs d'agrégation dans une base de données. De cette façon les individus peuvent fournir des données de précision variable, en fonction de leur perception du risque. De plus, nous utilisons une architecture décentralisée basée sur du matériel sécurisé assurant ainsi les garanties de respect de la vie privée tout au long des opérations d'agrégation.En deuxième lieu, ce manuscrit étudie la personnalisations des garanties d'anonymat lors de la publication de jeux de données anonymisés. Nous proposons l'adaptation d'heuristiques existantes ainsi qu'une nouvelle approche basée sur la programmation par contraintes. Des expérimentations ont été menées pour étudier l'impact d’une telle personnalisation sur la qualité des données. Les contraintes d’anonymat ont été construites et simulées de façon réaliste en se basant sur des résultats d'études sociologiques. / The benefit of performing Big data computations over individual’s microdata is manifold, in the medical, energy or transportation fields to cite only a few, and this interest is growing with the emergence of smart-disclosure initiatives around the world. However, these computations often expose microdata to privacy leakages, explaining the reluctance of individuals to participate in studies despite the privacy guarantees promised by statistical institutes. To regain indivuals’trust, it becomes essential to propose user empowerment solutions, that is to say allowing individuals to control the privacy parameter used to make computations over their microdata.This work proposes a novel concept of personalized anonymisation based on data generalization and user empowerment.Firstly, this manuscript proposes a novel approach to push personalized privacy guarantees in the processing of database queries so that individuals can disclose different amounts of information (i.e. data at different levels of accuracy) depending on their own perception of the risk. Moreover, we propose a decentralized computing infrastructure based on secure hardware enforcing these personalized privacy guarantees all along the query execution process.Secondly, this manuscript studies the personalization of anonymity guarantees when publishing data. We propose the adaptation of existing heuristics and a new approach based on constraint programming. Experiments have been done to show the impact of such personalization on the data quality. Individuals’privacy constraints have been built and realistically using social statistic studies

Big Data

Matériel sécurisé

Data privacy and security

Big Data

Secure Hardware

Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic

Fourcot, Florent

19 January 2015

The rotation of identifiers is a common security mechanism to protect telecommunication; one example is the frequency hopping in wireless communication, used against interception, radio jamming and interferences. In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only by senders and receivers. The sequences are used to periodically generate new identifiers, each of them being ephemeral. It provides a new solution to identify a flow of data, packets not following the sequence of addresses will be rejected. We called this technique “address spreading”. Since the attackers cannot guess the next addresses, it is no longer possible to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet. The “address spreading” needs a synchronization between devices, and it has to take care of latency in the network. Otherwise, the identification will reject the packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet. We propose a solution to provide a synchronization between devices. Since the address spreading cannot be deployed without cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on a cooperation between end devices, they add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of data flows. The tagging is based on the Flow Label field of IPv6 packets. We propose an evaluation of the current implementations on common operating systems. We fixed on the Linux Kernel behaviours not following the current standards, and bugs on the TCP stack for flow labels. We also provide new features like reading the incoming flow labels and reflecting the flow labels on a socket.

info:eu-repo/classification/ddc/000

ddc:000

Netzwerk, IPv6, Datenschutz

Privacy, IPv6, Security

I'm Ready for My Close-Up: Cameras as a Privacy Issue in State and Federal Courts

O'Meara, Laura Ann

January 2020

No description available.

American History

Philosophy

Law

right to privacy

cameras

surveillance cameras

CCTV

privacy vs security

Private and Secure Data Communication: Information Theoretic Approach

Basciftci, Yuksel O., Basciftci

January 2016

No description available.

Electrical Engineering

Analysis of factors that influence customers’ willingness to leave big data digital footprints on social media: A systematic review of literature

Muhammad, S.S., Dey, B.L., Weerakkody, Vishanth J.P.

15 October 2017

Yes / Big data has been discussed extensively in existing scholarly works but scant consideration is given to customers’ willingness to generate and leave big data digital footprints on social media, especially in the light of the profusely debated issue of privacy and security. The current paper endeavours to address this gap in the literature by developing a conceptual framework. In doing so, this paper conducts a systematic review of extant literature from 2002 to 2017 to identify and analyse the underlying factors that influence customers’ willingness to leave digital footprints on social media. The findings of this review reveal that personal behaviour (intrinsic psychological dispositions), technological factors (relative advantage and convenience), social influence (social interaction, social ties and social support) and privacy and security (risk, control and trust) are the key factors that influence customers’ willingness to generate and leave big data digital footprints on social media. The conceptual framework presented in this paper advances the scholarship of technology adoption and use and provides useful direction for future empirical research for both academics and practitioners.

Big data digital footprint

Social media

Privacy and security

Technology

Personal behaviour

Social influence