Global ETD Search

11	GDPR och dess påverkan vid systemutveckling : Riktlinjer för en säkrare kravspecificering. Kinell, Alfred, Löfberg, Carl January 2018 (has links) Syftet med denna uppsats är att undersöka vilka nya krav som kan tänkas uppstå i och med det nya dataskyddsdirektivet, och hur uppfyllandet av dessa krav kan underlättas, i form av riktlinjer utformade för att säkerställa en systemutveckling i enlighet med de säkerhets- och integritetskrav som ställs i och med GDPR. De behov och kravområden som identifierats, har sedan kategoriserats och konkretiserats i form av riktlinjer som skall kunna användas då personuppgifter hanteras. För att belysa hur GDPR kan förändra kravbilden har främst “Privacy by Design”, kravspecificering, samt de allmänna juridiska förändringar GDPR kommer att innebära studerats. För att besvara uppsatsens syfte och frågeställningar har en studie baserad på främst semistrukturerade intervjuer utförts. Detta för att identifiera potentiella nya krav som kan tänkas uppstå i och med det nya dataskyddsdirektivet. Med avstamp i teorin, samt intervjuunderlaget har sex stycken kategorier tagits fram. Dessa är samtycke, Privacy by Design, rätten att bli meddelad om intrång, rätten att bli glömd, dataportabilitet samt rätten till åtkomst. Dessa kategorier har sedan legat till grund för de riktlinjer som utgör resultatet av detta arbete. GDPR Privacy by Design Personlig integritet Krav Kravspecifikation Kravhantering Agil Dataportabilitet Personuppgifter Datalagring Informationssäkerhet Information Systems
12	Hur påverkas systemutvecklingsprocessen av implementeringen av GDPR / Does the implementation of GDPR affect the system development process? Andersson, Adam, Syldevik, Christoffer January 2019 (has links) On May 25th 2018 a new general data protection regulation called GDPR took effect. The regulation contains rules regarding usage, storage and handling of data from individuals resident within The European Union. The new regulation caused big headlines regarding the impact GDPR would have on the affected enterprises and organizations. One aspect that hasn’t been mentioned considerably is how GDPR has and will affect the system development process. The difficulty with implementing GDPR has shown to have its origin in the fact that the regulation is fairly new which means that it’s still ambiguous and difficult to apply. That means that there has been room for different takes on GDPR and its rules which has contributed to various opinions on how GDPR should be implemented. The purpose of this thesis was to study how the implementation of GDPR has affected the system development process among enterprises and organizations. The method that has been used in the thesis is a qualitative interview study of two enterprises. The acquired data have been collected mainly from four interviewing persons, two from each enterprise. The data collected from the interviews has been analyzed with the method grounded theory. The conclusion of the thesis is that the system development process has been affected by the implementation of GDPR. The regulation is however not believed to affect the enterprises to the extent that any extensive restructuring has been necessary. Based on the result from the interviews it is rather believable that GDPR actually had a positive effect among the enterprises. The thesis also resulted in a model which illustrates the system development process and the aspects of GDPR considered to have a substantial effect. System development process GDPR Privacy by design Privacy by default Data protection Computer and Information Sciences Data- och informationsvetenskap
13	Vad innebär GDPR för e-handlare? En studie om GDPR och dess påverkan på svenska e-handelsföretag / What does the GDPR mean for e-commerce businesses? A study of GDPR and its effect on swedish e-commerce businesses Hellstrand, Malin, Putnoki, Lilla January 2018 (has links) The aim of this bachelor thesis is to examine which adaptions Swedish e-commerce businesses have done to prepare for the new General Data Protection Regulation (GDPR). Using a qualitative method this study investigates how these companies have prepared themselves and what they have done to get their digital platforms such as websites, email and social media in order to be GDPR proof. The method which is used is semi structured interviews. The result of the study shows that the companies have been missing concrete guidelines on how the adaptions should be done from the Swedish government. The majority of the adaptions are therefor built on the businesses own adaptions of the new regulation. The conclusion reached in this thesis is that it has been hard for the companies to convert the law’s requirements into practical technical solutions. Informationsarkitektur (IA) digitala plattformar Privacy by Design (PbD) e-handel Information Studies Biblioteks- och informationsvetenskap
14	Designing Usable Transparency for Mobile Health Research: The impact of transparency enhancing tools on the users’ trust in citizen science apps Maus, Benjamin January 2020 (has links) Medical researchers are exploring the potential of patients’ mobile phones and wearables for medical studies. The contribution of volunteers in a form of citizen science, where citizens donate their data for research purposes, can enable studies on a large scale. This research area, known as mobile health, often relies on shared data such as tracked steps or self- reporting forms. Privacy, transparency and trust play a fundamental role in the interaction of users with related platforms that agglomerate medical studies.This project explores privacy concerns of potential users of mobile health citizen science apps, summarises similar user patterns and analyses the impact of transparency enhancing tools on the users’ trust. In this context, a prototype with different features that aim to increase the transparency is designed, tested and evaluated. The results indicate how users perceive the importance and the generated trust of the proposed features and provide recommendations for data donation platforms. mobile health citizen science transparency enhancing tools privacy by design trust kano analysis user-centred design data donation Engineering and Technology Teknik och teknologier
15	Les processus métiers en tant que services - BPaaS : sécurisation des données et des services / Business process as a service - BPaaS : securing data and services Bentounsi, Mohamed el Mehdi 14 September 2015 (has links) Malgré les avantages économiques de l’informatique en nuage (ou cloud computing) pour les entreprises et ses multiples applications envisagées, il subsiste encore des obstacles pour son adoption à grande échelle. La sécurité des données sauvegardées et traitées dans le nuage arrive en tête des préoccupations des décideurs des directions des systèmes d'information. De ce fait, l'objectif principal de nos travaux de recherche lors de cette thèse de doctorat est de poser des bases solides pour une utilisation sûre et sécurisée du nuage. Dans un premier lieu, l’externalisation des processus métiers vers le nuage permet aux entreprises de réduire les couts d’investissement et de maitriser les couts d’exploitation de leurs systèmes d’information ; Elle permet aussi de promouvoir la réutilisation des parties (ou fragments) de ses processus métiers en tant que service cloud, éventuellement par des concurrents directs, afin de faciliter le développement de nouvelles applications orientés services ‘SOA’, ainsi la collaboration à l’échelle du nuage. Néanmoins, le fait de révéler la provenance d’un fragment réutilisé est considérée comme une brèche dans la vie privée et risque d’être dommageable pour l’entreprise propriétaire de ce fragment. Les techniques d’anonymisation des données ont fait leurs preuves dans le domaine des bases de données. Notre principale contribution dans cette partie est la proposition d’un protocole basée sur l’anonymisation des fragments de processus métiers afin de garantir à la fois, la vie privée de leurs propriétaires et la disponibilité de ces fragments pouvant être réutilisés dans le nuage. Les systèmes d’authentification biométriques permettent une authentification des individus avec une garantit suffisante. Néanmoins, le besoin en ressources informatiques ‘calcul et stockage’ de ces systèmes et le manque de compétences au sein des organismes freinent considérablement leurs utilisations à grande échelle. Le nuage offre la possibilité d’externaliser à la fois le calcul et le stockage des données biométriques à moindre cout et de proposer une authentification biométrique en tant que service. Aussi, l’élasticité du nuage permet de répondre aux pics des demandes d’authentifications aux heures de pointes. Cependant, des problèmes de sécurité et de confidentialité des données biométriques sensibles se posent, et par conséquent doivent être traité afin de convaincre les institutions et organismes à utiliser des fragments externes d'authentification biométriques dans leurs processus métiers. Notre principale contribution dans cette partie est un protocole léger ‘coté client’ pour une externalisation (sur un server distant) de la comparaison des données biométriques sans révéler des informations qui faciliteraient une usurpation d’identité par des adversaires. Le protocole utilise une cryptographie légère basée sur des algorithmes de hachage et la méthode de 'groupe de tests combinatoires', permettant une comparaison approximative entre deux données biométriques. Dans la dernière partie, nous avons proposé un protocole sécurisé permettant la mutualisation d’un Hyperviseur (Outil permettant la corrélation et la gestion des événements issus du SI) hébergé dans le nuage entre plusieurs utilisateurs. La solution proposée utilise à la fois, le chiffrement homomorphique et la réécriture de règles de corrélation afin de garantir la confidentialité les évènements provenant des SI des différents utilisateurs. Cette thèse a été réalisée à l'Université Paris Descartes (groupe de recherche diNo du LIPADE) avec le soutien de la société SOMONE et l'ANRT dans le cadre d'une convention CIFRE. / Cloud computing has become one of the fastest growing segments of the IT industry. In such open distributed computing environments, security is of paramount concern. This thesis aims at developing protocols and techniques for private and reliable outsourcing of design and compute-intensive tasks on cloud computing infrastructures. The thesis enables clients with limited processing capabilities to use the dynamic, cost-effective and powerful cloud computing resources, while having guarantees that their confidential data and services, and the results of their computations, will not be compromised by untrusted cloud service providers. The thesis contributes to the general area of cloud computing security by working in three directions. First, the design by selection is a new capability that permits the design of business processes by reusing some fragments in the cloud. For this purpose, we propose an anonymization-based protocol to secure the design of business processes by hiding the provenance of reused fragments. Second, we study two di_erent cases of fragments' sharing : biometric authentication and complex event processing. For this purpose, we propose techniques where the client would only do work which is linear in the size of its inputs, and the cloud bears all of the super-linear computational burden. Moreover, the cloud computational burden would have the same time complexity as the best known solution to the problem being outsourced. This prevents achieving secure outsourcing by placing a huge additional overhead on the cloud servers. This thesis has been carried out in Université Paris Descartes (LIPADE - diNo research group) and in collaboration with SOMONE under a Cifre contract. The convergence of the research fields of those teams led to the development of this manuscrit. Informatique en nuage Sécurité et vie privée Processus métiers Réutilisation de processus Biométrie Supervision et hypervision informatique Cloud computing Security and privacy by design Business processes Process reuse Biometric IT monitoring 004
16	The EU General Data Protection Regulations and their consequences on computer system design / EUs allmänna dataskyddsförordning och dess konsekvenser för programsystemteknik Magnusson, Wilhelm January 2017 (has links) As of writing this thesis, the EU’s new data protection laws (GDPR) will start to apply within one year. The new regulations are poorly understood by many and rumours of varying accuracy are circling the IT industry. This thesis takes a look at the parts of the GDPR concerning system design and architecture, clarifying what they mean and their consequences for system design. The new regulations are compared to the old data protection laws (Directive 95/46/EC), showing how companies must alter their computer systems in order to adapt. Using evaluations of the old data protection laws predictions are made for how the GDPR will affect the IT industry going forward. One of the more important questions are what tools are available for companies when adapting to privacy protection regulations and threats. This thesis aims to identify the most common processes for this kind of system modification and compare their effectiveness in relation to the GDPR. / Vid framställningen av denna avhandling är det mindre än ett år innan EUs nya dataskyddsförordning (GDPR) träder i kraft. Många har bristande förståelse av de nya förordningarna och rykten av varierande korrekthet cirkulerar inom IT industrin. Denna avhandling utför en kritisk undersökning utav de delar inom GDPR som berör system design och arkitektur och beskriver dess innebörd för system design. De nya lagarna jämförs med de föregående dataskyddslagarna (Direktiv 95/46/EC) för att påvisa de modifikationer som kommer krävas för att anpassa datorsystem till de nya förordningarna. Genom att undersöka de äldre dataskyddslagarnas effekt på industrin görs även förutsägelser kring hur GDPR kommer påverka IT industrin inom den närmaste framtiden. Än av de intressantare frågorna är vilka metoder som finns tillgängliga för att underlätta systemanpassningar relaterade till dataskyddsförordningar. Denna avhandling syftar att identifiera de mest etablerade av dessa typer av processer och jämföra deras lämplighet i förhållande till GDPR. GDPR PbD PIA PUL privacy impact assessment privacy by design Directive 95/46/EC General Data Protection Regulations Computer Sciences Datavetenskap (datalogi)
17	La surveillance diffuse : entre Droit et Norme / The diffuse surveillance : between Law and Norm Codron, Clemence 15 June 2018 (has links) L’évolution des notions juridiques de vie privée et de données personnelles. A l’inverse de la littérature foisonnante sur le thème de la surveillance, il ne s’agit pas ici de mettre en avant la nécessité de trouver un équilibre entre la surveillance entendue dans sa dimension sécuritaire et la protection de la vie privée et des données personnelles, en ce qu’elle constitue une liberté fondamentale reconnue par les institutions françaises et européennes. Cette recherche d’une balance équilibrée entre sécurité et liberté doit nécessairement être dépassée pour comprendre le phénomène de surveillance diffuse. La surveillance n’est plus la simple activité de recherche de renseignements concernant un individu potentiellement dangereux. Elle s’inscrit plutôt dans la poursuite de ceque Hannah Arendt qualifie de « crise de la culture ». La surveillance diffuse est même l’une des caractéristiques de la culture contemporaine dominée par la peur, la consommation et l’aliénation par les technologies. Devenue la nouvelle norme sociale admise, la surveillance diffuse désinstitue le droit des données personnelles et la protection de la vie privée. Progressivement, elle désinstitue également le Droit au profit du libéralisme économique qu’elle porte en son sein. / The purpose of this research is to understand how diffuse surveillance fits into the evolution of legal concepts of privacy and personal data. Contrary to the abundant literature on the subject of surveillance, it is not a questionhere of highlighting the need to find a balance between surveillance in its security dimension and the protection of privacy and data, as a fundamental freedom recognized by French and European institutions. This search for a balance between security and freedom must necessarily be overcome to understand the phenomenon of diffuse surveillance. Surveillance is no longer just a search for information about a potentially dangerous individual. Rather, it is a continuation of what Hannah Arendt calls the « crisis of culture ». Diffuse surveillance is even oneof the features of contemporary culture dominated by fear, consumption and alienation by technology. Having become the new accepted social norm, the diffuse surveillance deinstitutes the right of the personal data and the protection of the private life. Gradually, it also deinstitutes the Law to profit from the economic liberalism that it carries within it. Surveillance Surveillance diffuse Vie privée Donnée personnelle Norme Information Désinstitution du Droit Libéralisme Contrôle social Nudge Economie de l'attention Panoptique Privacy by design Surveillance Diffuse surveillance Privacy Personal Data Norm Information Deinstitution of Law Liberalism Social control Nudge The "attention economy" Panopticon Privacy by design
18	Analysmodell för inbyggt dataskydd och dataskydd som standard Ökvist, Nicklas, Furberg, Max January 2017 (has links) No description available. General Data Protection Regulation GDPR reform of EU data protection rules Design Science Research DSR Proof-of-Concept IT-artefact model personal data protection data protection by design and by default Privacy-by-Design Dataskyddsförordningen GDPR dataskyddsreformen Design Science Research DSR Proof-of-Concept IT-artefakt modell persondataskydd Privacy-by-Design Information Systems
19	Ljudövervakningssystem för smarta städer : Designriktlinjer i enlighet med svensk lagstiftning Skiöld, Martin, Näslund Eriksson, Tobias January 2016 (has links) This paper investigates how audio monitoring systems should be designed, in the context of smart cities and in accordance with Swedish legislation. Audio monitoring for smart cities is promising and have previously shown great potential. However its opportunities are still relatively unexplored. ShotSpotter is one of several examples of audio monitoring in the context of smart cities. In the US only, the system has successfully been used to alert and locate shootings in over 90 cities. However, the technology is surrounded by controversies and there has been debate whether audio monitoring systems are compatible with law. Compatibility is critical since incompatibility could result in severe sanctions. Research related to this paper has been conducted according to the Design Science research strategy. The research resulted in design guidelines for audio monitoring systems, for law enforcement purposes, in accordance with Swedish law. The design guidelines are based upon existing audio monitoring systems, previous research and empirical data. The empirical data consists of 12 interviews with experts in law, phonetics and digital forensics. Additionally, the design guidelines have been evaluated by an expert in a criteria-based evaluation interview. Results of the research shows that it is, in fact, possible to design audio monitoring systems, in the context of smart cities, in accordance with Swedish legislation. The design guidelines can be applied in the development of audio monitoring systems with law enforcement purposes. With some modification, they can also be used for audio monitoring systems with other purposes. / Uppsatsen syftar till att undersöka hur ljudövervakningssystem inom ramen för smarta städer- konceptet bör utformas i enlighet med svensk lagstiftning. Ljudövervakning för smarta städer har visat på stor potential och ännu är dess möjligheter outforskade. ShotSpotter är ett av flera exempel på ljudövervakning inom ramen för smarta städer. Systemet har med framgång använts för att uppmärksamma och lokalisera skottlossningar i över 90 amerikanska städer. Det råder dock debatt huruvida ljudövervakningssystemet är kompatibelt med lagstiftning. Denna kompatibilitet är kritisk då det motsatta kan resultera i stränga påföljder och därmed utgöra direkta hinder för implementation. Forskning i relation till uppsatsen har genomförts inom ramen för forskningsstrategin Design Science. Forskningsprocessen har mynnat ut i designriktlinjer för hur ett ljudövervakningssystem med brottsbekämpande syfte bör utformas i enlighet med svensk lagstiftning. Designriktlinjerna baseras på befintliga ljudövervakningssystem, tidigare forskning och omfattande empiriskt underlag. Det empiriska underlaget utgörs av 12 intervjuer med olika typer av experter inom juridik, fonetik och IT- forensik. Designriktlinjerna har med framgång utvärderats i en kriteriebaserad expertintervju. Av forskningsresultatet att döma är det möjligt att utforma ljudövervakningssystem för smarta städer i enlighet med svensk lagstiftning. De framtagna designriktlinjerna kan användas vid utveckling av ljudövervakningssystem med brottsbekämpande syfte. Med viss modifikation kan de även användas för ljudövervakningssystem med andra syften. Audio Monitoring Systems Intelligent Acoustics Acoustic Sensing Smart Cities Internet of Things Privacy by Design Design Guidelines ShotSpotter EAR-IT IT law Legal Conditions Legal Compliance Ljudövervakningssystem Smarta Städer Inbyggd Integritet Designriktlinjer ShotSpotter EAR-IT IT-rätt Juridiska förutsättningar
20	Kunskap och attityder kring digitala fotspår och hur det påverkar användandet av internet : En studie om integritet, tillit och egenmakt Jarboh, Mathias January 2017 (has links) Det finns enorma mängder data att samla in om dagens internetanvändare. Det går idag att med hjälp av människors digitala avtryck avgöra vad de har för intressen, vart de rör sig, samt hur de i framtiden kan komma att agera. I denna studie har det studerats vilken roll attityder och tidigare kunskaper om digitala fotspår har i användandet av internet. Inom ramen för denna uppsats har det också studerats om och hur teorier grundande i begreppen tillit, integritet och egenmakt har haft för inverkan på informanterna. I studien har det använts kulturella sonder för att agera provokatör och inspiratör inför de efterföljande intervjuerna. Resultatet visar att tidigare utbildning och förkunskaper om digitala fotspår har en liten till icke existerande effekt på användandet. Istället verkar det som att tidigare upplevelser och attityder kring digitala fotspår har en större inverkan på användandet av internet. / There are huge amounts of data to collect on today's internet users. Today, with the help of digital footprints, we can calculate people´s interests, where they are moving, and how they may act in the future. In this study, I look at the functions of attitudes and previous knowledge of digital footprints in the use of the internet. In the context of this essay, it has also been examined how theories founded on the concepts trust, integrity and empowerment have had an impact on the informants. In the study, cultural probes have been used to act as provocateur and as inspiration for the subsequent interviews. The result shows that previous education and knowledge for digital footprints have a small to non-existent effect on the use. Instead, it seems that previous experiences and attitudes about digital footprints have a greater impact on the use of the internet. Empowerment User Empowerment Trust Privacy Digital Footprints Big Data GDPR Agency Privacy by design cultural probes. Egenmakt User empowerment Tillit Integritet Digitala Fotspår Big data Dataskyddsförordningen Agens Inbyggd integritet Kulturella sonder Media and Communication Technology Medieteknik

Search results