161 |
The information security policy: an important information security management control.Hone, Karin 22 April 2008 (has links)
This study originated from the realisation that the information security industry has identified the information security policy as one of the most important information security management controls. Within the industry there are, however, differing views as to what constitutes an information security policy, what it should contain, how it should be developed and how it should best be disseminated and managed. Numerous organisations claim to have an information security policy, but admit that it is not an effective control. The principal aim of this study is to make a contribution to the information security discipline by defining what an information security policy is, where it fits into the broader information security management framework, what elements an effective policy should contain, how it should be disseminated and how the document is best kept relevant, practical, up-to-date and efficient. The study develops and documents various processes and methodologies needed to ensure the effectiveness of the information security policy, such as the dissemination process and the information security policy management lifecycle. The study consists of five parts, of which Part I serves as introduction to the research topic. It provides background information to the topic and lays the foundation for the rest of the dissertation. Chapter 1 specifically deals with the research topic, the motivation for it and the issues addressed by the dissertation. Chapter 2 looks at the concept of information security management and what it consists of, highlighting the role an information security policy has to play in the discipline. Chapter 3 introduces the various international information security standards and codes of practice that are referred to, examined and analysed in the dissertation. This chapter specifically highlights how and to what extent each of these address the topic of the information security policy. Part II introduces the concept of the information security policy. Chapter 4 provides the background to what an information security policy is and where it fits into the broader structure of an organisation’s governance framework. Chapter 5 specifies what an effective information security policy is and what components are needed to ensure its success as an information security control. Part III expands the components of an effective information security policy as introduced in Chapter 5. This part consists of Chapters 6 to 8, with each of these addressing a single component. Chapter 6 further investigated the development of the information security policy. The dissemination of the document is discussed in Chapter 7 and Chapter 8 expands the concept of the information security policy management lifecycle. Part IV consists of Chapter 9, which deals with a case study applying the various processes and methodologies defined in the previous part. The case study deals with a fictitious organisation and provides detailed background information to indicate how the organisation should approach the development and dissemination of the information security policy. Some of the examples constructed from the case study include a sample information security policy and a presentation to be used as introduction to the information security policy. The dissertation is concluded in Chapter 10. This chapter provides a summarised overview of the research and the issues addressed in it. / Prof. J.H.P. Ehlers
|
162 |
Le banquier et le Data Protection Officer (DPO). D'une obligation d'information et de conseil à une obligation d'assistance / Banker and Data Protection Officer (DPO). From an obligation to provide information and advice to an obligation to provide assistanceRenucci, Antoine 10 July 2019 (has links)
La mise en parallèle des activités de banquier et de Data protection Officer est particulièrement intéressante du point de vue de l’obligation d’information et de conseil, concept qui fait l’objet d’une importante mutation. Notre thèse est que cette obligation évolue de façon parallèle pour ces deux professionnels, mais prend in fine une option différente. Dans les deux cas, cette obligation tend à devenir une obligation d’assistance, mais elle est de nature différente : si dans sa forme classique avec le banquier, l’obligation d’assistance est passive, dans sa forme actuelle avec le DPO, elle est active. Cette divergence s’explique par les enjeux et les logiques qui ne sont pas identiques. Avec le Banquier, c’est la logique des affaires qui prime et il ne peut s’y ingérer. En revanche, avec le Data Protection Officer (DPO), c’est la logique de protection des personnes, et plus particulièrement de leurs données qui prime, ce qui justifie et même impose son ingérence. Il est donc logique que l’assistance soit passive dans un cas et active dans l’autre. / The parallel between banking and data protection officer activities is particularly interesting regarding the obligation to provide information and advice, a concept which is undergoing a major change. Our thesis is that this obligation evolves concomitantly for these two professionals but, in the end, takes a different way. In both cases, this obligation tends to become an obligation of assistance of a different nature : in its classical form, the banker has the obligation to provide a passive assistance, but in its current form, the assistance provided by the DPO, is active. This divergence is explained by the difference of needs and logic. In the case of the Banker, the business logic prevails and he can’t interfere. On the other hand, in the case of the Data Protection Officer (DPO), the protection prevails, especially the data protection, which justifies and even imposes his action. It is therefore logical that assistance provided should be passive in one case and active in the other.
|
163 |
Human trafficking 2.0 the impact of new technologiesRentzsch, Viola January 2021 (has links)
Magister Legum - LLM / Human history is traversed by migration. This manifold global phenomenon has shaped the world to its current state, moving people from one place to another in reaction to the changing world. The autonomous decision to permanently move locations represents only a segment of what is considered to be migration. Routes can be dangerous, reasons can be without any alternative, displacements forced, and journeys deadly. Arguably the most fatal of all long-distance global migration flows, the transatlantic slave trade has left an enduring legacy of economic patterns and persistent pain. Whilst the trade in human beings originated centuries before, with Europe’s long history of slavery, this event represents an atrocious milestone in history. In a nutshell, European colonialists traded slaves for goods from African kings, who had captured them as war prisoners.
|
164 |
Správa sociálního zabezpečení a ochrana osobních údajů / Social security administration and personal data protectionBeneš, Jiří January 2019 (has links)
Social security administration and personal data protection The protection of personal data is one of the most discussed legal topics of contemporary legal science. However, the attention of both the professional and general public has so far been focused on the processing of personal data carried out by private law entities. On the contrary, the author focuses on a topic that has been overlooked, namely the processing of personal data performed by social security administration authorities. This thesis aims to answer the question whether the processing carried out by selected authorities of the social security administration follows the principle of lawfulness according to data protection regulations and the Regulation (GDPR). The key aspect of the author's answer is primarily to assess the compliance of the current legislation in the area of sickness and pension insurance and passive employment policy with the requirements of the Regulation (GDPR). In this work, the author first deals with the historical roots and birth of the legal regulation of personal data protection. Then, by comparing the legal regulations adopted within the Council of Europe, the European Union, and the Czech Republic, it analyses the applicable regulation of personal data protection. As the author points out in this work,...
|
165 |
Programvaruutvecklingen efter GDPR : Effekten av GDPR hos mjukvaruföretagNord, Lisa January 2020 (has links)
GDPR (General data protection regulation, generella dataskyddsförordningen) är en ny europeisk förordning som reglerar behandlingen av känsliga uppgifter samt det fria flödet av dessa inom EU. Förordningen utgör ett skydd för fysiska personer vid behandling av deras personuppgifter inom unionen vilket är en grundläggande rättighet. GDPR har sedan den trädde i kraft i Maj 2018 varit en förordning att räkna med då dess bötesbelopp är höga. Alla företag inom Europa behöver följa reglerna samt företag utanför EU som hanterar europeiska personuppgifter. Målet med detta arbete är se vilken effekt GDPR har haft hos svenska mjukvaruutvecklare och hur de ser på sin arbetsbörda. Detta har gjorts genom en enkätundersökning hos svenska mjukvaruföretag som blivit slumpmässigt utvalda. Av uppsatsens resultat framgår det att många mjukvaruföretag som skapar egen programvara eller distribuerar programvara för en tredje part har den nya förordningen inneburit ett tyngre arbetslass samt omförhandling av existerande programvarulösningar. Något som inneburit nya arbetsplatser eller arbetsgrupper hos många företag. När GDPR först trädde ikraft lades det ner många arbetstimmar på att omvandla redan existerande lösningar för att uppfylla kraven. Trots detta har det lagts många fler timmar vid utveckling även efter GDPR för att se till att den nya programvaran även den lever upp till de krav som är ställda. Av resultatet kan vi även finna att många företag ser väldigt strikt på hantering av känsliga uppgifter de samlat in från deras kunder men ser mindre strikt på lagring och hantering av personuppgifter av sina egna anställda. / GDPR(General data protection regulation) is a new European regulation that regulates data, protection, and privacy. It also addresses the transfer of personal data to countries outside of the European Union. Ever since the GDPR was enforceable May 2018, it has been a regulation for businesses to strictly follow and be wary of due to the hefty fines. All European businesses need to follow the new regulation and likewise, so to the businesses outside of the E.U. in which handles any type of personal data of Europeans. The goal with this thesis is to see the effect the GDPR has had for Swedish software developers and how they portray their workload. This data has been shown in the form of a questionnaire which was randomly distributed to a number of Swedish software companies. In conclusion, this thesis shows that the new regulation has had a big impact on the developers that create new software/distributes software, primarily in form of a heavier workload and the need to re-negotiate already existing software. This has provided new jobs and/or new teams for many of the companies that were a part of this study. When GDPR was first introduced, the software companies spent countless hours on converting already existing software. Even tho they spend a lot of time in the beginning, the dedication of time is spent on every solution to make sure it meets the requirements of GDPR: We can also see that many businesses spend a lot more time and money on data protection for their clients personal data, but they do not treat their employees personal data in the same way.
|
166 |
Ochrana osobních údajů a veřejná správa / Personal data protection and public administrationTalík, Michael January 2022 (has links)
6 General / Obecné Personal data protection and public administration Abstract This thesis is aimed to personal data protection in connection to public administration. Given the extensiveness of the topic, the author is focused on the most important issues related to the area of personal data protection. The main area of the study is the terminology, and the effect on the public administration. The goal of the thesis is to provide clear and comprehensive explanation of terms related to personal data protection. The goal is accomplished due to expansive explanation of those terms in order to appropriately connect the reader with the topic. The thesis is divided into four chapters. The first chapter aims to systematization of personal data protection. In addition to that, also explaining the crucial term of this thesis, the personal data. The second chapter deals with historical context and evolution of the data protection. The historical context provides the explanation of the relevant data protection laws, which determined the evolution of the data protection itself. The third chapter concentrates to the merit of the thesis, therefore General Data Protection regulation. Each of those subchapters were selected by the author to provide only the crucial terms and not to overflow the reader with a less...
|
167 |
Privacy-Aware Data Analysis: Recent Developments for Statistics and Machine LearningLut, Yuliia January 2022 (has links)
Due to technological development, personal data has become more available to collect, store and analyze. Companies can collect detailed browsing behavior data, health-related data from smartphones and smartwatches, voice and movement recordings from smart home devices. Analysis of such data can bring numerous advantages to society and further development of science and technology. However, given an often sensitive nature of the collected data, people have become increasingly concerned about the data they share and how they interact with new technology.
These concerns have motivated companies and public institutions to provide services and products with privacy guarantees. Therefore, many institutions and research communities have adopted the notion of differential privacy to address privacy concerns which has emerged as a powerful technique for enabling data analysis while preventing information leakage about individuals. In simple words, differential privacy allows us to use and analyze sensitive data while maintaining privacy guarantees for every individual data point. As a result, numerous algorithmic private tools have been developed for various applications. However, multiple open questions and research areas remain to be explored around differential privacy in machine learning, statistics, and data analysis, which the existing literature has not covered.
In Chapter 1, we provide a brief discussion of the problems and the main contributions that are presented in this thesis. Additionally, we briefly recap the notion of differential privacy with some useful results and algorithms.
In Chapter 2, we study the problem of differentially private change-point detection for unknown distributions. The change-point detection problem seeks to identify distributional changes in streams of data. Non-private tools for change-point detection have been widely applied in several settings. However, in certain applications, such as identifying disease outbreaks based on hospital records or IoT devices detecting home activity, the collected data is highly sensitive, which motivates the study of privacy-preserving tools. Much of the prior work on change-point detection---including the only private algorithms for this problem---requires complete knowledge of the pre-change and post-change distributions. However, this assumption is not realistic for many practical applications of interest. In this chapter, we present differentially private algorithms for solving the change-point problem when the data distributions are unknown to the analyst. Additionally, we study the case when data may be sampled from distributions that change smoothly over time rather than fixed pre-change and post-change distributions. Furthermore, our algorithms can be applied to detect changes in linear trends of such data streams. Finally, we also provide a computational study to empirically validate the performance of our algorithms.
In Chapter 3, we study the problem of learning from imbalanced datasets, in which the classes are not equally represented, through the lens of differential privacy. A widely used method to address imbalanced data is resampling from the minority class instances. However, when confidential or sensitive attributes are present, data replication can lead to privacy leakage, disproportionally affecting the minority class. This challenge motivates the study of privacy-preserving pre-processing techniques for imbalanced learning. In this work, we present a differentially private synthetic minority oversampling technique (DP-SMOTE) which is based on a widely used non-private oversampling method known as SMOTE. Our algorithm generates differentially private synthetic data from the minority class. We demonstrate the impact of our pre-processing technique on the performance and privacy leakage of various classification methods in a detailed computational study.
In Chapter 4, we focus on the analysis of sensitive data that is generated from online internet activity. Accurately analyzing and modeling online browsing behavior play a key role in understanding users and technology interactions. Towards this goal, in this chapter, we present an up-to-date measurement study of online browsing behavior. We study both self-reported and observational browsing data and analyze what underlying features can be learned from statistical analysis of this potentially sensitive data. For this, we empirically address the following questions: (1) Do structural patterns of browsing differ across demographic groups and types of web use?, (2) Do people have correct perceptions of their behavior online?, and (3) Do people change their browsing behavior if they are aware of being observed?
In response to these questions, we found little difference across most demographic groups and website categories, suggesting that these features cannot be implied solely from clickstream data. We find that users significantly overestimate the time they spend online but have relatively accurate perceptions of how they spend their time online. We find no significant changes in behavior throughout the study, which may indicate that observation had no effect on behavior or that users were consciously aware of being observed throughout the study.
|
168 |
The Impact of Artificial Intelligence on Data Protection: A Legal AnalysisDos Santos, Ana Paula 01 April 2020 (has links) (PDF)
This study explores the implications of artificial intelligence innovation on privacy, data protection regulations, and other related laws. With the spread of data endangering privacy, it is a difficult task to protect the “right to be let alone,” considered as an individuals’ liberty and a fundamental right. This research has shown that at the same time, the use of personal information by artificial intelligence can impact an individual’s privacy. Artificial intelligence also brings conjecturable, incredible, and useful innovation that benefits humans. The analysis of the enacted laws in the European Union, China, and the United States on data protection regulations demonstrates that the laws are not sufficient to prevent the challenges raised by artificial intelligence. This thesis discusses the great importance of the subject matter to society, the several impacts it can foment and the lack of regulations to avoid the outcome
|
169 |
Performance analysis of the MULTISAFE protection enforcement processesDeaver, Mason C. 30 October 2008 (has links)
This paper describes the performance of the MULTISAFE database protection model through response-time equations. A predicate-based protection model is described. Various classes of access decision dependencies are reviewed. The distinct modules of MULTISAFE are discussed, and a relational database approach to the management of data protection is developed for these modules. A performance equation which models user login into MULTISAFE is developed. A set of equations is developed which model the processing of database queries as a series of steps. These equations are then modified to consider the possibility of concurrent processing among the MULTISAFE modules. The two sets of equations are compared and analyzed. The analysis reveals that the concurrency feature of MULTISAFE allows database protection to be implemented with a minimum of system overhead. Further analysis shows that, in some cases, an arbitrary database query takes less time to process with all protection checks in force than a similar query in a protection less environment. / Master of Science
|
170 |
Data protection in the age of Big Data : legal challenges and responses in the context of online behavioural advertisingChen, Jiahong January 2018 (has links)
This thesis addresses the question of how data protection law should respond to the challenges arising from the ever-increasing prevalence of big data. The investigation is conducted with the case study of online behavioural advertising (OBA) and within the EU data protection legal framework, especially the General Data Protection Regulation (GDPR). It is argued that data protection law should respond to the big data challenges by leveraging the regulatory options that are either already in place in the current legal regime or potentially available to policymakers. With the highly complex, powerful and opaque OBA network, in both technical and economic terms, the use of big data may pose fundamental threats to certain individualistic, collective or societal values. Despite a limited number of economic benefits such as free access to online services and the growth of the digital market, the latent risks of OBA call for an effective regulatory regime on big data. While the EU's GDPR represents the latest and most comprehensive legal framework regulating the use of personal data, it has still fallen short on certain important aspects. The regulatory model characterised by individualised consent and the necessity test remains insufficient in fully protecting data subjects as autonomous persons, consumers and citizens in the context of OBA. There is thus a pressing need for policymakers to review their regulatory toolbox in the light of the potential threats. On the one hand, it is necessary to reconsider the possibilities to blacklist or whitelist certain data uses with mechanisms that are either in place in the legal framework or can be introduced additionally. On the other hand, it is also necessary to realise the full range of policy options that can be adopted to assist individuals in making informed decisions in the age of big data.
|
Page generated in 0.1128 seconds