China
Africa
Explore chapters and articles related to this topic
IT Governance and Data Protection
Published in Preston de Guise, Data Protection, 2020
Every solution developed by an organization, regardless of whether it uses locally created technology, purchased components, or outsourced systems, must be developed with three essential data protection tenets in mind: Integrity: The solution as a whole must provide a sufficient degree of data integrity in order to minimize data loss or corruption events. “Sufficient” will vary depending on the workload, and whether we are referring to on-platform, or off-platform protection for the workload. Data integrity is about instilling confidence in the business that data is safely stored and modified only by a legitimate process.Reliability: The solution should be designed to minimize the level of downtime that users will experience, both planned and unplanned. Planned downtime refers to any required function (e.g., maintenance) that blocks or impedes the time for which the service is available. Unplanned downtime, on the other hand, speaks to the robustness of the solution.Recoverability: Like it or not, things will happen which cannot be solved by either integrity or reliability functions. Data will be lost, or corrupted, due to the simple nature of humans to make mistakes, and the random chance to interfere with what we do. So the solution has to include functionality to recover data that has been lost. (By necessity, this implies the system also has to include functionality to backup that data in the first place.)
Establishing the Risk Status of the Corporate Infrastructure
Published in Dan Shoemaker, Anne Kohnke, Ken Sigler, How to Build a Cyber-Resilient Organization, 2018
Shoemaker Dan, Kohnke Anne, Sigler Ken
Organizations are struggling with how to address cybersecurity issues and finding knowledgeable and capable talent to do so. And throwing money at the problem without understanding the unique security requirements of the organization will not help. It is critical to start at the beginning and understand the business, specifically the business requirements; essential processes; mission critical systems and data; activities that must be performed to meet business objectives and goals; legal and governmental regulations; and customer needs/expectations. This information is then used to determine functional security requirements such as: Access control—It involves determining who (employees, contractors, suppliers, etc.) and what (systems, interfaces) requires access either physically (to information technology (IT) assets, rooms, buildings, or campuses) or logically (to system files, networks, data) to organizational resources. Access controls perform the necessary function of identifying and authenticating who or what can view or use resources in the computing environment.Privacy—The organization may need to support anonymity, pseudonymity, or unlinkability, however serious consideration of non-repudiation must be considered. Non-repudiation involves providing proof of the integrity and origin of data to ensure that a communication or party to a contract cannot deny the authenticity of sending a message they originated or a document they signed. As you can discern, non-repudiation and privacy can seriously conflict with one another.User data protection—Policies on access control and data information flow rules must be in place to support the transmission of user data, data at rest, off-line storage, and residual information protection such as the ability to recover “deleted” data.Security audits—It includes the identification of what the organization wants to make auditable, what activities get recorded, stored, and analyzed.Trusted path/channels—It involves establishing a way in which users can ensure they are connecting to the real site, as hackers use forged login screens that mock corporate web pages.Data integrity—It involves the assurance of the accuracy and consistency of data over its entire life cycle. This can be accomplished during the database design phase when entity, referential, and domain integrity constraints are implemented.Availability—It involves ensuring that software applications, tools, systems, and information are available when and where it is rightly needed.
An Overview of Security Issues of Internet of Things
Published in Lavanya Sharma, Mukesh Carpenter, Computer Vision and Internet of Things, 2022
Lavanya Sharma, Sudhriti Sengupta, Nirvikar Lohan
Security in IoT devices includes protecting information and data, hardware components, and services of the device from unauthorized access. Both the data and information stored in the device and those in transit should be protected [16,18]. The major problems with IoT devices are identified as follows: Data IntegrityThe integrity of data is defined as the assurance of maintaining data accuracy and consistency throughout the storage lifecycle [23].System SecurityThis issue mainly focuses on the overall security of IoT systems to detect various security issues to design various security frameworks and offer appropriate security guidelines to maintain the security of a network.AuthorizationThe process of granting privilege and specifying access rights is known as authorization [24,25].Application SecurityThis security works for the application to manage security challenges or issues as per situation constraints. In general, security evaluation at the application level prevents data hijacking within the app such as hardware or software that minimizes security vulnerabilities.Data ConfidentialityThe practice of keeping private data secret is known as data confidentiality [23–25].System VulnerabilitiesA lot of work is done by researchers in software vulnerability. Various IoT devices have low-quality software susceptibility to different types of vulnerabilities which are common in the early 2000 and late 1990s. These devices are vulnerable to weak usage of cryptography, authentication, deployment issue, system software (s/s) exploits, and so on.Network SecurityThis security handles communication attacks on the data which can be transmitted between servers and IoT devices.Lack of Common StandardThere are various standards for IoT device-manufacturing companies. Therefore, it becomes a major challenging issue to differentiate between authorized and non-authorized devices connected to the internet.
Smart Cities, Playable Cities, and Cybersecurity: A Systematic Review
Published in International Journal of Human–Computer Interaction, 2023
Gustav Verhulsdonck, Jennifer L. Weible, Susan Helser, Nancy Hajduk
In addition, three proof-of-concept protocols and theoretical solutions were examined that focused on security through reducing access to data through various means. First, L. Wu et al. (2017) present a data possession scheme to prevent data privacy attacks and proof forgery attacks. Data integrity is paramount in ensuring security as data can be deleted on purpose or accidentally, causing data corruption. L. Wu et al. (2017) used cryptanalysis and random masking techniques to eliminate access to data blocks through multiple algorithms. J. Shen et al. (2017) also limited access to data in their theoretical solution that enhanced protocols for auditing cloud data storage and preserving privacy, as well as reducing costs. They proposed auditing the data within the cloud without retrieving it fully, eliminating the burden and enhancing the security through the use of algorithms that blind sensitive information and limit access to user data. Unlike the first two articles, F. Wu et al. (2019) examined simulations and schemes that they call games, although they are not playable, when discussing secure wireless data transmission. Their solution utilized a smart grid key agreement scheme based on elliptic curve cryptography to improve security of data transmission between devices and the smart grid by reducing access to data.
3D-CUBE readiness model for industry 4.0: technological, organizational, and process maturity enablers
Published in Production & Manufacturing Research, 2022
Bruna Felippes, Isaac da Silva, Sanderson Barbalho, Tobias Adam, Ina Heine, Robert Schmitt
Data collection means the data analysis, design, implementation, deployment, maintenance, and mechanisms for capturing and transferring data in an operating system (Merkus et al., 2020). Data quality means that the data provided to employees allows analysis and decision-making based on valid information. Data integrity represents activities that maintain the context, consistency, standardization, and sharing of accurate, up-to-date, and relevant information (Gamache et al., 2020).
A Public Key Authentication and Privacy Preserving Model for Securing Healthcare System
Published in IETE Journal of Research, 2021
Doctors can employ sensors to monitor patients in real-time, auxiliary disease diagnosis, and remote treatment [7]. The sensor nodes gather and transfer the patient’s healthcare data to the medical specialist for data analytics and visualizations for facilitating health monitoring and treatment [8]. The fundamental components of healthcare-related information are security and privacy [9,10]. Data security guarantees data integrity, validity, together with authenticity, while storing and transferring the information securely [11]. In contrast, data privacy implies that the data can be accessed only by the individual who has permission to utilize it [12]. With the rapid growth of IoT and digital technology, the healthcare system is undergoing a steady and comprehensive transition from paper-based records to digitalized electronic records viz., Electronic Medical Records (EMR), Electronic Health Records (EHR), Personal Health Records (PHR), and Electronic Heath Data (EHD). The EHR and EMR are handled by medical professionals related to the patients’ health records, whereas the PHR relates to patient personal information. However, the EHD is a standardized compilation of patient’s digital health records that include a wide range of patient data [13]. Several methods are focusing on handling privacy and access control of EHR to preserve patient confidentiality and integrity. The rising usage of EHR’s requires interoperability of data. Therefore, the standards play a critical role in enhancing the interoperability of health management information systems (HMIS) [14]. The fundamental goal of HIS is to provide continuous healthcare services so that, the data must always be semantically interoperable [15]. The Continuity of Care Document (CCD) is a standard for exchanging medical data and patient information between HMIS [16]. There are many EHR standards developed for adoption and implementation around the world. The initiative has been taken for the implementation of a digital ecosystem for healthcare services across the countries. In countries like India, the National Digital Health Mission (NDHM) was launched [17,18] for the digitalization of the healthcare sector. The patients who want their health information available digitally may generate Unique Health Identifier (UHID) to register with EHR. UHID is provided for the identification and authentication of users in various healthcare systems [19]. Also, useful for the detection of duplicate records in EHR. The NDHM strives to enhance the infrastructure that supports the nation’s comprehensive digital health system and is an open Application Programming Interface (API) based ecosystem.