Security Assessment (A1): SDL Activities and Best Practices
Published in James F. Ransome, Anmol, Mark S. Merkow, Practical Core Software Security, 2023
James F. Ransome, Anmol, Mark S. Merkow
Privacy, often neglected as part of the SDL in the past, is assessed at this phase as well. The Privacy Impact Assessment (PIA) process evaluates issues and privacy impact rating related to the privacy of personally identifiable information (PII) in the software and will be initiated during this stage of the development process.
Determinants of user acceptance of wearable IoT devices
Published in Cogent Engineering, 2022
Salem Ali Suhluli, Syed Md. Faisal Ali Khan
A law that ensures the privacy of users will certainly improve the problem. Europe’s General Data Protection Regulation (GDPR) is a good example. The GDPR requires internal evaluation of the company’s practice; manufacturers that fail to comply face sanctions, and manufacturers should inform the government about any data breaches immediately. Additionally, companies that fail to meet their requirements could be fined up to 4% of their annual revenue (Scott, 2014; Jones & Meurer, 2016). Also, companies are required to conduct mandatory privacy impact assessments to evaluate the risks of sharing and using identifiable information about people. They should only collect consumers’ data for specific reasons and are not allowed to use users’ data in ways below their expectations. In addition, users should be offered the option to update the device privacy settings during the collection process (Slomovic, 2015).
Translating Privacy Design Principles Into Human-Centered Software Lifecycle: A Literature Review
Published in International Journal of Human–Computer Interaction, 2023
Marco Saltarella, Giuseppe Desolda, Rosa Lanzilotti, Vita Santa Barletta
Different solutions propose models that help in complying with various privacy requirements. Martin et al. highlight how developers are unprepared to deal with privacy requirements and lack the tools (and the methods) to translate those requirements into the software. Thus, they suggest adopting a model-driven design to support engineers with GDPR-compliant software development (Martin & Kung, 2018). Similarly, (Fatema et al., 2017) propose a data management model to make consent specific and unambiguous, enabling GDPR-compliant data processing. Moreover, in (Alshammari & Simpson, 2017a), a UML-based data lifecycle model is proposed. Different privacy principles are represented as requirements, and constraints provide the criteria to assess whether the representation of the data processing fulfils the requirements, facilitating the modelling of the data lifecycle and the adoption of different principles, such as the separation of duties and data minimisation. In (Ahmadian et al., 2018), Ahmadian et al. present a privacy-aware system design model to mitigate possible regulation violations during the design process. This is enabled by building on top of existing Privacy Impact Assessment (PIA) methods to identify risks, proposing, through a cost-benefit approach, a set of reusable components that can be practically implemented to mitigate those risks. Furthermore, in (Bartolini et al., 2015), an ontology-based business process methodology to address GDPR requirements is presented to support data controllers in complying with the regulation, auditors to assess compliance, and the authorities to detect potential violations.
Recommendations for smart grid security risk management
Published in Cyber-Physical Systems, 2019
Vikas Lamba, Nikola Šimková, Bruno Rossi
Vulnerability analysis can be quite complex in the context of SGs owing to the large number of vulnerabilities that can exist in both cyber and power domains. Hence, organisations should make maximum use of automated scanning tools to detect them when preparing vulnerability catalogues [26,51]. Impact analysis enables the organisation to measure the level of risk and should be conducted using qualitative and quantitative approaches [23,26,38]. Impact matrices and impact assessment reports can be used for this purpose to determine the magnitude of impact [30,38,56]. More particularly for SGs, privacy impact assessment (PIA) should be carried out to evaluate the potential privacy risks associated with users and utility data [26,38].