Top

The Journal of Supercomputing

Published in:

23-04-2018

pISRA: privacy considered information security risk assessment model

Authors: Yu-Chih Wei, Wei-Chen Wu, Gu-Hsin Lai, Ya-Chi Chu

Published in: The Journal of Supercomputing | Issue 3/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The security threats related to personally identifiable information are increasing dramatically. In addition to government agencies, large international companies are potential victims. To comply with regulations such as the European Union General Data Protection Regulation, organizations are required to carry out a privacy impact assessment. However, the conventional information security risk assessment model does not provide a clear methodology for conducting privacy impact assessments. In this paper, we propose a privacy-considered information security risk assessment (pISRA) model, which can take both a privacy impact analysis and risk assessment into consideration. Our proposed model can help risk assessors achieve a comparable and reproducible approach for the entire risk assessment process. Additionally, pISRA can assist organizations to select high-risk items for further action.

previous article WCP-RNN: a novel RNN-based approach for Bio-NER in Chinese EMRs

next article Grid-based indexing with expansion of resident domains for monitoring moving objects

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Data breach reports—identity theft resource center. http://www.idtheftcenter.org/images/breach/DataBreachReport_2016.pdf

Guide to protecting the confidentiality of personally identifiable information (pii) (2010) NIST SP800-122. http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

Information technology—security techniques—information security risk management (2011) ISO/IEC 27005:2011, pp 1–68

Information technology—security techniques—privacy framework (2011) ISO/IEC 29100:2011, pp 1–21

Information technology—security techniques—information security management systems—requirements (2013) ISO/IEC 27001:2013, pp 1–23

Information technology—security techniques—code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (2014) ISO/IEC 27018:2014, pp 1–23

Societal security—Business continuity management systems—guidelines for business impact analysis (BIA) (2015) ISO/TS 22317:2015, pp 1–27

Data protection specification for a personal information management system (2017) BS10012:2017. http://www.bsigroup.com/en-GB/BS-10012-Personal-information-management/

Information technology—security techniques—code of practice for personally identifiable information protection (2017) ISO/IEC 29151:2017, pp 1–39

10.

Information technology—security techniques—guidelines for privacy impact assessment (2017) ISO/IEC 29134:2017, pp 1–43

11.

Brooks S, Garcia M, Lefkovitz N, Lightman S, Nadeau E (2017) Ir8062: an introduction to privacy engineering and risk management in federal systems, Technical report. https://doi.org/10.6028/nist.ir.8062

12.

Clarke R (1999) Introduction to dataveillance and information privacy, and definitions of terms. Roger Clarke’s Dataveillance and Information Privacy Pages. http://www.cse.unsw.edu.au/~cs4920/resources/Roger-Clarke-Intro.pdf

13.

Council of the European Union: General data protection regulation (2016). http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

14.

De SJ, Le Métayer D (2016) PRIAM: a privacy risk analysis methodology. In: Livraga G, Torra V, Aldini A, Martinelli F, Suri N (eds) Data privacy management and security assurance. Springer, Cham, pp 221–229CrossRef

15.

Ministry of Justice (2012) The specific purpose and the classification of personal information of the personal information protection act. http://mojlaw.moj.gov.tw/LawContentE.aspx?id=FL010631

16.

Ministry of Justice (2015) Personal information protection act. http://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=I0050021

17.

Ministry of Justice (2016) Enforcement rules of the personal information protection act. http://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=I0050022

18.

Mylonas A, Theoharidou M, Gritzalis D (2014) Assessing privacy risks in android: a user-centric approach. Springer International Publishing, Cham, pp 21–37. https://doi.org/10.1007/978-3-319-07076-6_2

19.

Oetzel MC, Spiekermann S (2014) Systematic methodology for privacy impact assessments. Eur J Inf Syst 23(2):126–150. https://doi.org/10.1057/ejis.2013.18 CrossRef

20.

Public Law 107-347 (2002) E-government act of 2002. U.S. Government Printing Office. http://www.gpo.gov/fdsys/pkg/PLAW-107publ347

21.

Saripalli P, Walters B (2010) Quirc: a quantitative impact and risk assessment framework for cloud security. In: 2010 IEEE 3rd International Conference on Cloud Computing, pp 280–288. https://doi.org/10.1109/CLOUD.2010.22

22.

Shamala P, Ahmad R, Yusoff M (2013) A conceptual framework of info structure for information security risk assessment (ISRA). J Inf Secur Appl 18(1):45–52. https://doi.org/10.1016/j.jisa.2013.07.002 CrossRef

23.

Tancock D, Pearson S, Charlesworth A (2013) A privacy impact assessment tool for cloud computing. Springer, London, pp 73–123. https://doi.org/10.1007/978-1-4471-4189-1_3 CrossRef

24.

Theoharidou M, Mylonas A, Gritzalis D (2012) A risk assessment method for smartphones. Springer, Berlin, pp 443–456. https://doi.org/10.1007/978-3-642-30436-1_36 CrossRef

25.

Trattner C, Kappe F (2013) Social stream marketing on Facebook: a case study. Int J Soc Humanist Comput 2(1/2):86. https://doi.org/10.1504/ijshc.2013.053268 CrossRef

26.

Wei YC, Wu WC, Chu YC (2016) Performance evaluation of information security risk identification. In: The 5th International Conference on Frontier Computing, Tokyo, Japan

27.

Wright D, De Hert P (2012) Introduction to privacy impact assessment. Springer, Dordrecht, pp 3–32. https://doi.org/10.1007/978-94-007-2543-0_1 CrossRef

28.

Wright D, Finn R, Rodrigues R (2013) A comparative analysis of privacy impact assessment in six countries. J Contemp Eur Res 9(1):160–180

Title: pISRA: privacy considered information security risk assessment model
Authors: Yu-Chih Wei
Wei-Chen Wu
Gu-Hsin Lai
Ya-Chi Chu
Publication date: 23-04-2018
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 3/2020
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-018-2371-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 3/2020

An innovative neural network approach for stock market prediction

Empirical decision analytics approach of advanced granularity-based models for identifying performance measures of ERPS application

L-PowerGraph: a lightweight distributed graph-parallel communication mechanism

Effectiveness evaluation of Internet of Things-aided firefighting by simulation

The study for dispatch decision of medical emergency resources with real-time spatial analysis

Grid-based indexing with expansion of resident domains for monitoring moving objects

Premium Partner