20 similar documents found; search took 31 ms
1.
Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis. Requirements Engineering, 2008, 13(3): 241-255
A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Trusting software depends on various elements, one of which is the protection of user privacy. Protecting privacy is about complying with users’ desires when it comes to handling personal information. Users’ privacy can also be defined as the right to determine when, how and to what extent information about them is communicated to others. Current research stresses the need for addressing privacy issues during the system design rather than during the system implementation phase. To this end, this paper describes PriS, a security requirements engineering method, which incorporates privacy requirements early in the system development process. PriS considers privacy requirements as organisational goals that need to be satisfied and adopts the use of privacy-process patterns as a way to: (1) describe the effect of privacy requirements on business processes; and (2) facilitate the identification of the system architecture that best supports the privacy-related business processes. In this way, PriS provides a holistic approach from ‘high-level’ goals to ‘privacy-compliant’ IT systems. The PriS way-of-working is formally defined, thus enabling the development of automated tools for assisting its application.
2.
Information & Management, 2006, 43(7): 805-820
Privacy concerns and practices, especially those dealing with the acquisition and use of consumer personal information, are at the forefront of global business and social issues associated with the information age. Our research examined the privacy policies of the Fortune 500 to assess the substance and content of their stated information practices and the degree to which they adhered to the fair information practices (FIP). From the observations, we developed a Privacy Policy Assessment Matrix that can be used to evaluate how well a firm addresses information privacy concerns. The matrix was used to analyze the Fortune 500 firms to understand their privacy maturity. The results provided practical and theoretical implications for addressing information privacy issues.
3.
Information privacy is much broader than data security. It's about the collection, processing, use, and protection of personal information. Essentially, business processes, IT systems, and compliance controls must support the full set of requirements embodied in these principles and expressed in relevant laws and policies. Implementation choices, including automation level and security control selection, become business and business-risk decisions. To institute such principles, businesses should understand the critical need for policy-driven security and privacy compliance in developing the right business processes and overall technical architecture.
4.
5.
The increasing use of personal information on Web-based applications can result in unexpected disclosures. Consumers often have only the stated Web site policies as a guide to how their information is used, and thus on which to base their browsing and transaction decisions. However, each policy is different, and it is difficult—if not impossible—for the average user to compare and comprehend these policies. This paper presents a taxonomy of privacy requirements for Web sites. Using goal-mining, the extraction of pre-requirements goals from post-requirements text artefacts, we analysed an initial set of Internet privacy policies to develop the taxonomy. This taxonomy was then validated during a second goal extraction exercise, involving privacy policies from a range of health care related Web sites. This validation effort enabled further refinement to the taxonomy, culminating in two classes of privacy requirements: protection goals and vulnerabilities. Protection goals express the desired protection of consumer privacy rights, whereas vulnerabilities describe requirements that potentially threaten consumer privacy. The identified taxonomy categories are useful for analysing implicit internal conflicts within privacy policies, the corresponding Web sites, and their manner of operation. These categories can be used by Web site designers to reduce Web site privacy vulnerabilities and ensure that their stated and actual policies are consistent with each other. The same categories can be used by customers to evaluate and understand policies and their limitations. Additionally, the policies have potential use by third-party evaluators of site policies and conflicts.
6.
Privacy is an important aspect of interoperable medical information systems. Governments and health care organizations have established privacy policies to prevent abuse of personal health data. These policies often require organizations to obtain patient consent prior to exchanging personal information with other interoperable systems. The consents are defined in the form of so-called disclosure directives. However, policies are often not precise enough to address all possible eventualities and exceptions. Unanticipated priorities and other care contexts may cause conflicts between a patient’s disclosure directives and the need to receive treatments from informed caregivers. It is commonly agreed that in these situations patient safety takes precedence over information privacy. Therefore, caregivers are typically given the ability to override the patient’s disclosure directives to protect patient safety. These overrides must be logged and are subject to privacy audits to prevent abuse. Centralized “shared health record” (SHR) infrastructures include consent management systems that enact the above functionality. However, consent management mechanisms do not extend to information systems that exchange clinical information on a peer-to-peer basis, e.g., by secure messaging. Our article addresses this gap by presenting a consent management mechanism for peer-to-peer interoperable systems. The mechanism restricts access to sensitive medical data based on defined consent directives, but also allows overriding the policies when needed. The overriding process is monitored and audited in order to prevent misuse. The mechanism has been implemented in an open source project called CDAShip and has been made available on SourceForge.
7.
Analyzing Regulatory Rules for Privacy and Security Requirements (total citations: 2; self-citations: 0; citations by others: 2)
Breaux T.D., Anton A.I. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2008, 34(1): 5-20
Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must be properly aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the US Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
8.
Fabio Massacci, John Mylopoulos, Nicola Zannone. The VLDB Journal: The International Journal on Very Large Data Bases, 2006, 15(4): 370-387
The protection of customer privacy is a fundamental issue in today’s corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze privacy policies of the enterprises involved in a business process. On the basis of the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service. This is an expanded and revised version of [20].
9.
A probabilistic model for optimal insurance contracts against security risks and privacy violation in IT outsourcing environments (total citations: 1; self-citations: 0; citations by others: 1)
S. Gritzalis, A. N. Yannacopoulos, C. Lambrinoudakis, P. Hatzopoulos, S. K. Katsikas. International Journal of Information Security, 2007, 6(4): 197-211
Day by day the provision of information technology goods and services becomes noticeably expensive. This is mainly due to the high labor cost for the service providers, resulting from the need to cover a vast variety of application domains and at the same time to improve and/or enhance the services offered in accordance with the requirements set by the competition. A business model that could ease the problem is the development and/or provision of the service by an external contractor on behalf of the service provider, known as Information Technology Outsourcing. However, outsourcing a service may have the side effect of transferring personal and/or sensitive data from the outsourcing company to the external contractor. Therefore the outsourcing company faces the risk of a contractor who does not adequately protect the data, resulting in their non-deliberate disclosure or modification, or of a contractor that acts maliciously in the sense that she causes a security incident for making profit out of it. Whatever the case, the outsourcing company is legally responsible for the misuse of personal data and/or the violation of an individual’s privacy. In this paper we demonstrate how companies adopting the outsourcing model can protect the personal data and privacy of their customers through an insurance contract. Moreover, a probabilistic model for optimising the insurance contract, in terms of the premium and compensation amounts, is presented.
10.
Requirements Engineering - Companies that collect personal information online often maintain privacy policies that are required to accurately reflect their data practices and privacy goals. To be...
11.
This paper examines the privacy implications of the different online practices in which young people disclose personal information, and how associated configurations of choice and control create possibilities for violations of online privacy. The implications of the commercial and non-commercial use of young people's personal information are examined, with a specific focus on how this can potentially facilitate cyberbullying. The paper suggests that educational strategies should more clearly focus on encouraging young people to protect their online privacy, encourage control over disclosure practices, and consider the potential commercial and non-commercial uses of their information. There is a need for the development of these strategies to be informed by empirical research exploring the everyday contexts and social norms which influence young people's online behaviour. Such an evidence base can inform a critical review of educational, legal and regulatory actions which aim to protect their online privacy and safety.
12.
N. V. Patel. Requirements Engineering, 1999, 4(2): 77-84
This paper is a discussion on the problem of establishing information requirements in changing and ongoing business organisations. Attempts within existing software development paradigms to cope with business change are identified and discussed, and their problems concerning business change are highlighted. The alternative spiral of change model of tailorable information systems is proposed for thinking about establishing changing and ongoing information systems requirements. It is also proposed that information should be reconceptualised as tailorable. Such a reconceptualisation would allow us to explore ways of establishing information systems requirements that cope with business change. Deferred system’s design is proposed as a form of business software design and development that can cope with business change, as well as with the contextual and situational nature of tailorable information.
13.
Wendy A. Schafer, Craig H. Ganoe, John M. Carroll. Computer Supported Cooperative Work (CSCW), 2007, 16(4-5): 501-537
Emergency management is more than just events occurring within an emergency situation. It encompasses a variety of persistent activities such as planning, training, assessment, and organizational change. We are studying emergency management planning practices in which geographic communities (towns and regions) prepare to respond efficiently to significant emergency events. Community emergency management planning is an extensive collaboration involving numerous stakeholders throughout the community and both reflecting and challenging the community’s structure and resources. Geocollaboration is one aspect of the effort. Emergency managers, public works directors, first responders, and local transportation managers need to exchange information relating to possible emergency event locations and their surrounding areas. They need to examine geospatial maps together and collaboratively develop emergency plans and procedures. Issues such as emergency vehicle traffic routes and staging areas for command posts, arriving media, and personal first responders’ vehicles must be agreed upon prior to an emergency event to ensure an efficient and effective response. This work presents a software architecture that facilitates the development of geocollaboration solutions. The architecture extends prior geocollaboration research and reuses existing geospatial information models. Emergency management planning is one application domain for the architecture. Geocollaboration tools can be developed that support community-wide emergency management planning and preparedness. This paper describes how the software architecture can be used for the geospatial, emergency management planning activities of one community.
14.
Jeremy Hilton. Information Security Technical Report, 2009, 14(3): 124-130
This article introduces the growing importance of privacy and the need for an improved understanding of the issues involved. A key requirement is for organisations to better understand the relationship between security and privacy and, therefore, to ensure the design of their systems includes the ability to safeguard privacy and staff consistently apply controls that include the protection of individuals' personal data. A new approach to information security is proposed, as well as some outline results of the application of new methods and mechanisms for ensuring privacy in multi-agency data sharing. It is hoped that this article will prompt dialogue about the need to reconsider existing methods and tools for securely managing data.
15.
Priscilla Regan. Journal of Contingencies and Crisis Management, 2003, 11(1): 12-18
In the online and offline worlds, the value of personal information – especially information about commercial purchases and preferences – has long been recognised. Exchanges and uses of personal information have also long sparked concerns about privacy. Public opinion surveys consistently indicate that overwhelming majorities of the American public are concerned that they have lost all control over information about themselves and do not trust organisations to protect the privacy of their information. Somewhat smaller majorities favour federal legislation to protect privacy. Despite public support for stronger privacy protection, the prevailing policy stance for over thirty years has been one of reluctance to legislate and a preference for self‐regulation by business to protect privacy. Although some privacy legislation has been adopted, policy debates about the commercial uses of personal information have been dominated largely by business concerns about intrusive government regulation, free speech and the flow of commercial information, costs, and effectiveness. Public concerns about privacy, reflected in public opinion surveys and voiced by a number of public interest groups, are often discredited because individuals seem to behave as though privacy is not important. Although people express concern about privacy, they routinely disclose personal information because of convenience, discounts and other incentives, or a lack of understanding of the consequences. This disconnect between public opinion and public behaviour has been interpreted to support a self‐regulatory approach to privacy protections with emphasis on giving individuals notice and choice about information practices. In theory the self‐regulatory approach also entails some enforcement mechanism to ensure that organisations are doing what they claim, and a redress mechanism by which individuals can seek compensation if they are wronged. 
This article analyses the course of policy formulation over the last twenty years with particular attention on how policymakers and stakeholders have used public opinion about the commercial use of personal information in formulating policy to protect privacy. The article considers policy activities in both Congress and the Federal Trade Commission that have resulted in an emphasis on “notice and consent.” The article concludes that both individual behaviour and organisational behaviour are skewed in a privacy invasive direction. People are less likely to make choices to protect their privacy unless these choices are relatively easy, obvious, and low cost. If a privacy protection choice entails additional steps, most rational people will not take those steps. This appears logically to be true and to be supported by behaviour in the physical world. Organisations are unlikely to act unilaterally to make their practices less privacy invasive because such actions will impose costs on them that are not imposed on their competitors. Overall then, the privacy level available is less than what the norms of society and the stated preferences of people require. A consent scheme that is most protective of privacy imposes the largest burden on the individual, as well as costs to the individual, while a consent scheme that is least protective of privacy imposes the least burden on the individual, as well as fewer costs to the individual. Recent experience with privacy notices that resulted from the financial privacy provisions in Gramm‐Leach‐Bliley supports this conclusion. Finally, the article will consider whether the terrorist attacks of 11 September have changed public opinion about privacy and what the policy implications of any changes in public opinion are likely to be.
16.
Throughout the world, sensitive personal information is now protected by regulatory requirements that have translated into significant new compliance oversight responsibilities for IT managers who have a legal mandate to ensure that individual employees are adequately prepared and motivated to observe policies and procedures designed to ensure compliance. This research project investigates the antecedents of information privacy policy compliance efficacy by individuals. Using Health Insurance Portability and Accountability Act compliance within the healthcare industry as a practical proxy for general organizational privacy policy compliance, the results of this survey of 234 healthcare professionals indicate that certain social conditions within the organizational setting (referred to as external cues and comprising situational support, verbal persuasion, and vicarious experience) contribute to an informal learning process. This process is distinct from the formal compliance training procedures and is shown to influence employee perceptions of efficacy to engage in compliance activities, which contributes to behavioural intention to comply with information privacy policies. Implications for managers and researchers are discussed.
17.
Henrik Brocke, Falk Uebernickel, Walter Brenner. Information Systems and E-Business Management, 2011, 9(2): 283-302
IT providers are increasingly facing the challenge of adapting their previously resource-oriented service portfolios in order to offer their customers services which explicitly support business processes. Such customer-centric service propositions, however, seem to contradict the demand for standardized and automated operational IT processes more than traditional IT service offers do, as they are even more subject to customer-individual reengineering efforts due to permanently changing business requirements. In order to reconcile increased efficiency in operational processes and effectiveness in consumer-oriented service propositions, we propose (1) to predefine all service propositions in consideration of both consumer-oriented commitments and operational processes, and (2) to allow for standardized customization by offering a selection of complementary service propositions that extend commitments regarding customer-oriented functionality and performance. Such service propositions are aligned with a company’s entities such as workplaces. Thereby the customer organization is enabled to trace, control and adjust commitments, value and expenses of IT services per entity in its business. We introduce a procedural model for designing and requesting on demand this kind of service proposition, and we illustrate the model’s application and impact by examples taken from two large projects with an associated IT provider.
18.
Grigorios Loukides, Aris Gkoulalas-Divanis, Bradley Malin. Knowledge and Information Systems, 2011, 28(2): 251-282
Publishing transactional data about individuals in an anonymous form is increasingly required by organizations. Recent approaches ensure that potentially identifying information cannot be used to link published transactions to individuals’ identities. However, these approaches are inadequate to anonymize data that is both protected and practically useful in applications because they incorporate coarse privacy requirements, do not integrate utility requirements, and tend to explore a small portion of the solution space. In this paper, we propose the first approach for anonymizing transactional data under application-specific privacy and utility requirements. We model such requirements as constraints, investigate how these constraints can be specified, and propose COnstraint-based Anonymization of Transactions (COAT), an algorithm that anonymizes transactions using a flexible anonymization scheme to meet the specified constraints. Experiments with benchmark datasets verify that COAT significantly outperforms the current state-of-the-art algorithm in terms of data utility, while being comparable in terms of efficiency. Our approach is also shown to be effective in preserving both privacy and utility in a real-world scenario that requires disseminating patients’ information.
19.
Investigations of offshore outsourcing of information systems have presented little evidence on developing country software and information technology (IT) industries. This study probes how Indian software and IT suppliers trade off work in India versus bodyshopping of employees. Worldwide clients view these practices as full offshoring versus on-shore temporary hiring from an Indian firm, but these practices are probed from the suppliers’ perspective. Suppliers’ characteristics are theorized to affect their use of bodyshopping versus in-India work. A Reserve Bank of India survey of every Indian software and IT firm elicited suppliers’ use of bodyshopping to serve clients abroad. Consistent with theoretical rationales, suppliers that were larger, incorporated, public, and owned foreign subsidiaries most frequently provided bodyshopping among their international services. Bodyshopping was used frequently for IT purchasing and systems maintenance and infrequently for business process applications, and was infrequent to nations where bodyshopped labor costs were high. The evidence expands knowledge of the vibrant entrepreneurial IT industry in India and how it serves client firms abroad.
20.
Autonomic computing and communication has become a new paradigm for dynamic service integration and resource sharing in today's ambient networks. Devices and systems need to dynamically collaborate and federate with little known or even unknown parties in order to perform everyday tasks. Those devices and systems act as independent nodes that autonomously manage and enforce their own security policies.

Thus in autonomic pervasive communications clients may not know a priori what access rights they need in order to execute a service, nor do service providers know a priori what credentials and privacy requirements clients have, so that they can take appropriate access decisions.

To solve this problem we propose a negotiation scheme that protects security and privacy interests with respect to information disclosure while still providing effective access control to services. The scheme proposes a negotiation protocol that allows entities in a network to mutually establish the sufficient access rights needed to grant a service.