181.
The new data protection regulation's impact on companies: A multiple-case study of change management in connection with the introduction of GDPR. Holmgren, Sebastian; Spehar, Sara. January 2018
On May 25th, 2018, the old EU directive that had served as the guideline for data protection since 1995 was replaced. The new regulation, the General Data Protection Regulation (GDPR), was implemented with the primary purpose of strengthening the rights of individuals and giving them greater control over their personal data. In general, the law involves changes for those who process personal data and strengthened rights regarding every individual's privacy. Change is a recurring element in every organization, and how it is handled is crucial to the future of the company. This paper intends to investigate how change management can be applied in connection with the introduction of the new data protection regulation and how organizations ensure compliance with the changes. The interviews conducted for this paper have generated qualitative data, and the results show that the regulation entails a comprehensive conversion for companies of any size. Companies take an iterative approach to change management, and several changes have been required to reach full compliance with the law. To ensure compliance, companies have created awareness of the law, educated all employees within their organization, and helped their employees apply the gained knowledge to their everyday work. However, there are flaws companies may need to work on, including motivating employees to follow the newly implemented changes and using reinforcement to avoid a return to old habits.
182.
GDPR: Securing Personal Data in Compliance with New EU Regulations. Bitar, Hadi; Jakobsson, Björn. January 2017
New privacy regulations bring new challenges to organizations that handle and process personal data of persons within the EU. These challenges come mainly in the form of policies and procedures, but they also bring opportunities to use technology common in other sectors to solve problems. In this thesis, we look at the new General Data Protection Regulation (GDPR) in the EU, which comes into full effect in May 2018; we analyze what some of the requirements of the regulation mean for the industry of processing personal data, and we look at the possible solution of using hardware security modules (HSMs) to reach compliance with the regulation. We also conduct an empirical study using the Delphi method to ask security professionals what they think the most important aspects of securing personal data are, and we relate that data to the identified compliance requirements of the GDPR to see what organizations should focus on in their quest for compliance with the new regulation. We found that a successful implementation of HSMs based on industry standards and best practices addresses four of the 35 identified GDPR compliance requirements, mainly the aspects concerning compliance with anonymization through encryption, and access control. We also deduced that the most important aspect of securing personal data, according to the experts of the Delphi study, is access control, followed by data inventory and classification.
183.
Municipal data protection: A case study of Botkyrka municipality's implementation of the EU General Data Protection Regulation. Jansson, Thomas. January 2017
The aim of this essay is to examine how the Swedish municipality of Botkyrka has endeavoured to meet the legal obligations prescribed by the General Data Protection Regulation (GDPR) and what impact this legislation is expected to have on the information management structures currently in use within the municipality itself. Research has been performed through a case study consisting of semi-structured interviews. The study shows that several important measures have been taken in order to meet the demands set by the regulation, but that the absence of conclusive Swedish legislation on the matter is keeping the municipality from knowing what exactly is expected of them.
184.
Exploring barriers and pathways to data protection by design within IT companies: An integrated approach based on experts' perspectives. Hamza, Maissa. January 2017
The European General Data Protection Regulation (GDPR) will soon come into force; it is a regulation that spells out increased compliance demands for data protection by design. Failure to comply can lead to huge financial penalties, something IT companies controlling and processing personal data should not ignore. As the one-year countdown begins, studies have revealed under-preparedness among organizations affected by the GDPR. None of the studies so far has offered an integrated overview of the barriers faced by IT companies in embracing data protection by design. This study aims to help fill this gap and to investigate. A study based on experts' knowledge has been carried out, using an integrated approach. Five experts from the advocacy, legal and IT industries were interviewed, aiming to answer the following research question: "What are the barriers for IT companies to embrace data protection by design and how should these barriers be overcome?" An integrated overview of the barriers is then presented, which includes the managerial, engineering and legal obstacles. The study goes on to present pathways to embrace data protection by design. A key contribution of this study is that managerial, legal and engineering barriers have been shown to be directly interconnected and to influence each other. As such, a much broader view must be taken to fully understand the different barriers that IT companies face in embracing data protection by design.
185.
The new Data Protection Regulation's impact on an organization: A case study with a focus on privacy by design. Rännare, Angelica. January 2017
The purpose of this work is to study the General Data Protection Regulation (GDPR) and what challenges and impact this regulation can have on both organizations and systems. The focus of the work is on the specific requirement "privacy by design", which is one part of the GDPR. The GDPR will come into force on May 25, 2018. Since the GDPR is a new regulation, there has been little research on the subject yet; the research that has taken place has mostly been in the field of law. This makes the subject highly relevant for further study, since this work will produce new knowledge. The purpose of the work is to investigate how the GDPR, through its requirements, affects an organization and how the specific requirement of privacy by design is taken into account. It also investigates which demands are placed on technology and functions. By doing this, knowledge is gained about whether and how an organization prepares and what it takes to meet the requirements of the GDPR.
Privacy by design is a philosophy of how built-in privacy can be used to protect personal privacy and build it into systems. It is based on seven principles that are used to understand how privacy can be protected. But like all solutions, it has challenges. These are the challenges that the work investigates, and based on the results it gives recommendations that can hopefully be used to get an overview of how far an organization has come with privacy by design, which is part of the GDPR. Based on the organization's responses, recommendations are given for how the organization could further improve its work. The method used to support this work is a qualitative case study and includes interviews with people from an organization in the security industry that develops methods and software for information security work. The organization that has been investigated is in the starting blocks of ensuring GDPR compliance and has conducted an initial analysis of the situation. The study is based on four interviews, on which a content analysis was performed. Through this analysis, a clear picture emerges of how the work with the upcoming law change can look from the privacy by design perspective. To investigate this, an organization that works with information security and software development was examined. As part of the study, a question guide and a summary of the principles relevant to privacy by design were developed. The conclusion was that the examined organization to a large extent works with privacy by design, but still has further challenges to face. The analysis and discussion of the interviews resulted in recommendations for the organization on how to further strengthen its information security work.
Furthermore, a question guide, which can be found in the appendices, has been developed and can be used by other organizations wishing to examine their progress in meeting the GDPR's requirements regarding privacy by design.
186.
Personal Data Processing Analysis under the GDPR Regulation. Slámová, Gabriela. January 2018
This diploma thesis deals with the proposal of a personal data protection system according to the General Data Protection Regulation in the organization Dentalife s.r.o. The proposal was drawn up on the basis of an analysis of the current situation, which revealed serious shortcomings with respect to the General Data Protection Regulation. Based on the identified deficiencies, a recommendation has been drawn up which, if subsequently implemented, will bring the current situation into line with this Regulation. The theme of the diploma thesis was selected primarily because of its topicality and the lack of materials that describe and explain the individual steps of the whole process of analysis and implementation.
187.
Towards an information security framework for government to government transactions: a perspective from East Africa. Wangwe, Carina Kabajunga. 15 May 2013
The need for a regional framework for information security in e-Government for the East African Community (EAC) has become more urgent with the signing in 2009 of the EAC Common Market Protocol. This protocol will entail more electronic interactions amongst government agencies in the EAC partner states which are Burundi, Kenya, Rwanda, Tanzania, and Uganda.
Government to Government (G2G) transactions are the backbone of e-Government transactions. If a government wants to provide comprehensive services that are easy to use by citizens, employees or businesses, it needs to be able to combine information or services that are provided by different government agencies or departments. Furthermore, the governments must ensure that the services provided are secure so that citizens trust that an electronic transaction is as good as or better than a manual one. Thus governments in the EAC must address information security in ways that take into consideration that these governments have limited resources and skills to use for e-Government initiatives.
The novel contribution of this study is an information security framework dubbed the TOG framework, comprising technical, operational, governance, process and maturity models to address information security requirements for G2G transactions in the EAC. The framework makes reference to standards that can be adopted by the EAC while taking into consideration contextual factors, namely resource, legislative and cultural constraints. The process model uses what is termed a 'Plug and Play' approach, which provides resource-poor countries with a means of addressing information security that can be implemented as and when resources allow, eventually leading to a comprehensive framework. Thus government agencies can start implementation based on the operational and technical guidelines while waiting for governance structures to be put in place, or can specifically address governance requirements where they already exist. Conversely, governments using the same framework can take into consideration existing technologies and operations while putting governance structures in place.
As a proof of concept, the proposed framework is applied to a case study of a G2G transaction in Tanzania. The framework is evaluated against critical success factors. / Computing / D. Phil. (Computer Science)
188.
Towards a security framework for the semantic web. Mbaya, Ibrahim Rajab. 30 November 2007
With the increasing use of the Web and the need to automate, interoperate, and reason about resources and services on the Web, the Semantic Web aims to provide solutions for the future needs of World Wide Web computing. However, the autonomous, dynamic, open, distributed and heterogeneous nature of the Semantic Web introduces new security challenges. Various security standards and mechanisms exist that address different security aspects of the current Web and Internet, but these have not been integrated to address security aspects of the Semantic Web specifically. Hence, there is a need to have a security framework that integrates these disparate security tools to provide a holistic, secure environment for the Semantic Web.
This study proposes a security framework that provides various security functionalities to Semantic Web entities, namely, agents, Web services and Web resources. The study commences with a literature survey carried out in order to establish security aspects related to the Semantic Web. In addition, requirements for a security framework for the Semantic Web are extracted from the literature. This is followed by a model-building study that is used to compile a security framework for the Semantic Web. In order to prove the feasibility thereof, the framework is then applied to different application scenarios as a proof-of-concept. Following the results of the evaluation, it is possible to argue that the proposed security framework allows for the description of security concepts and service workflows, reasoning about security concepts and policies, as well as the specification of security policies, security services and security mechanisms. The security framework is therefore useful in addressing the identified security requirements of the Semantic Web. / School of Computing / M.Sc. (Computer Science)
189.
An investigation into source code escrow as a controlling measure for operational risk contained in business critical software. Eksteen, Lambertus Lochner.
Thesis (MBA)--Stellenbosch University, 2012. / This research report outlines corporate governance and information technology risk management frameworks and the use of software escrow within a holistic enterprise risk management strategy to maintain business continuity. Available risk mitigation tools and frameworks were analysed, including the use of software escrow as an information technology risk mitigation tool and continuity instrument. The primary research problem relates to how organisations can ensure business continuity by managing the risks surrounding business-critical software applications. Software escrow was identified in the literature review as a risk management tool used to mitigate operational risks residing in the licensing of mission-critical software applications. The primary research question is: "How can source code escrow contribute towards business continuity by limiting risks contained in licensed business critical software applications?" This study found that an escrow agreement ensures that an end-user has access to licensed mission-critical intellectual property in the event of the owner's insolvency, acquisition or breach of maintenance agreements, and thereby ensures continuity. The following secondary research questions were also answered: "What types of operational risks will be minimised using software escrow?" and "What constitutes an effective source code agreement in South Africa?" The research identified that the main driver for escrow was the operational risk of a mission-critical system failure due to maintenance and upgrades not taking place. The reasons identified included insolvency of the software supplier, acquisition of the supplier, loss of key resources (developers) and breach of maintenance or development agreements. The research also identified some limitations to the application of escrow and the reasons for some agreements not being executed.
Key escrow contract quality criteria were identified which ensure an effective agreement under South African law. The following essential quality criteria were found to improve the efficiency of execution of the escrow contract:
- Frequency and quality of deposits;
- Deposit verification to ensure usability of material post release; and
- Well-defined release trigger events to avoid legal disputes regarding what constitutes a release.
Case studies highlighted the main risks that drive the creation of escrow agreements and identified limitations to the execution of some escrow agreements. The software end-user operational risks mitigated by the use of escrow included:
- Continued use of the software despite vendor bankruptcy;
- Reducing the dependency on the supplier for maintenance and support of the software;
- Safeguarding critical business processes; and
- Return on investment (software implementation, hardware and training of staff).
It was concluded that, despite the legal and practical complexities concerned with escrow, it remains the best instrument to ensure continuity when relying on licensed intellectual property used for business-critical functions and processes. Software escrow is therefore a vital component of a well-formulated license agreement to ensure access to mission-critical technology (including all related intellectual property) under pre-defined conditions of release to the end-user (licensee). In the event of a release, the escrow agent gives the end-user access to the deposited source code and related materials for the purposes of business continuity only, and this in no way affects the ownership rights of the supplier/owner.
190.
Flexible authorizations in workflow management systems. Lui, W. C. (雷永祥). January 2002
Computer Science and Information Systems / Master of Philosophy