nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

On the Definition of Data Regulation Risk

verfasst von : Guillaume Delorme, Guilaine Talens, Eric Disson, Guillaume Collard, Elise Gaget

Erschienen in: Service-Oriented Computing – ICSOC 2020 Workshops

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The rapid development of Information and Communication Technologies (ICT) has led to firms embracing data processing. Scholars and professionals have developed a range of assessments and management methodologies to better answer the needs for trust and privacy in ICT. With the ambition of establishing trust by reinforcing the protection of individuals’ rights and privacy, economic interests and national security, policy makers attempt to regulate data processing through enactment of laws and regulations. Non-compliance with these norms may harm companies which in turn need to incorporate it in their risk assessment. We propose to define this new class of risk: “Data Regulation Risk” (DRR) as “a risk originating from the possibility of a penalty from a regulatory agency following evidence of non-compliance with regulated data processing and/or ICT governances and processes and/or information technologies and services”. Our definition clarifies the meaning of the defined terms in a given context and adds a specific scope to facilitate and optimize decision-making.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Eyewitness Prediction During Crisis via Linguistic Features

Nächstes Kapitel Classifying Micro-text Document Datasets: Application to Query Expansion of Crisis-Related Tweets

Kossef, J.: Defining cybersecurity law. Iowa Law Rev. 103(1), 985–1031 (2017)

Knight, F.: Risk, Uncertainty and Profit. Houghton Mifflin, Boston (1921)

Gambetta, D.: Can we trust trust. In: Trust: Making and Breaking Cooperative Relations, vol. 13, pp. 213–237 (2000)

Myerson, R.B.: Game Theory. Harvard University Press (2013)

Flowerday, S., von Solms, R.: Trust: an element of information security. In: Fischer-Hübner, S., Rannenberg, K., Yngström, L., Lindskog, S. (eds.) SEC 2006. IIFIP, vol. 201, pp. 87–98. Springer, Boston, MA (2006). https://doi.org/10.1007/0-387-33406-8_8CrossRef

Pearce, W.B.: Trust in interpersonal communication. Speech Monogr. 41(3), 236–244 (1974)

Gefen, D., Rao, V.S., Tractinsky, N.: The conceptualization of trust, risk and their relationship in electronic commerce: the need for clarification. IEEE Computer Society (2002)

Mayer, R.C., Davis, J.H., Schoorman, F.D.: An integrative model of organizational trust. Acad. Manag. Rev. 20(3), 709–734 (1995)CrossRef

Camp, L.J.: Designing for trust. In: Falcone, R., Barber, S., Korba, L., Singh, M. (eds.) TRUST 2002. LNCS, vol. 2631, pp. 15–29. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36609-1_3CrossRef

10.

Humphrey, J., Schmitz, H.: Trust and Inter firm relations in developing and transition economies. J. Dev. Stud. 34(4), 33–61 (1998)CrossRef

11.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Official Journal L (2016)

12.

California Consumer Privacy Act of 2018 (CCPA): California Civil Code, section 1798.100 (2018)

13.

Personal Data Protection Act of 2012 (PDPA): Parliament of Singapore, No. 26 (2012)

14.

Export Administration Regulation (EAR), 15 C.F.R. § 730 et seq. https://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear. Accessed 31 Jan 2020

15.

Saper, N.: International cryptography regulation and the global information economy. Northwest. J. Technol. Intellect. Prop. 11(7), 673–688 (2013)

16.

Defense Federal Acquisition Regulation Supplement (DFARS). https://www.federalregister.gov/defense-federal-acquisition-regulation-supplement-dfars. Accessed 02 Jan 2020

17.

Berger, C.: Uncertainty reduction theory. Dalam Griffin, EM A First Look at Communication Theory. Edisi, 6 (2006)

18.

Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948)MathSciNetCrossRef

19.

COUNCIL REGULATION (EC) No 428/2009 of 5 May 2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items (EU dual-use), last consolidated version 2018/15/12

20.

International Traffic in Arms Regulations (ITAR). https://www.pmddtc.state.gov/ddtc_public?id=ddtc_kb_article_page&sys_id=%2024d528fddbfc930044f9ff621f961987. Accessed 06 Jan 2020

21.

Gordon, L., Loeb, M., Zhou, L.: The impact of information security breaches: has there been a downward shift in costs? J. Comput. Secur. 19(1), 33–56 (2011)CrossRef

22.

Personal Data Protection Commission. https://www.pdpc.gov.sg/. Accessed 06 Jan 2020

23.

Commission Nationale de l’Informatique et des Liberté. https://www.cnil.fr/fr. Accessed 06 Jan 2020

24.

National Institute of Standards and Technology (NIST). https://www.nist.gov/. Accessed 06 Jan 2020

25.

International Organization for Standardization (ISO). https://www.iso.org/home.html. Accessed 01 June 2020

26.

Vom Brocke, J., et al.: Reconstructing the giant: on the importance of rigour in documenting the literature search process. In: ECIS Proceedings, p. 161 (2009)

27.

Sheikhpour, R., Modiri, N.: An approach to map COBIT processes to ISO/IEC 27001 information security management controls. Int. J. Secur. Appl. 6(2), 13–28 (2012)

28.

Al-Ahmad, W., Mohammad, B.: Can a single security framework address information security risks adequately. Int. J. Digi. Inf. Wireless Commun. 2(3), 222–230 (2012)

29.

Schlarman, S.: Selecting an IT control framework. Inf. Syst. Secur. 16(3), 147–151 (2007)CrossRef

30.

Rebollo, O., Mellado, D., Fernandez-Medina, E.: A comparative review of cloud security proposals with ISO/IEC 27002. In: WOSIS, pp. 3–12 (2011)

31.

Cloud Security Alliance (CSA). https://cloudsecurityalliance.org/. Accessed 09 Sept 2020

32.

Al-Ahmad, W., Mohammad, B.: Addressing information security risks by adopting standards. Int. J. Inf. Secur. Sci. 2(2), 28–43 (2013)

33.

Eloff, J., Eloff, M.: Information security architecture. Comput. Fraud Secur. 11(1), 10–16 (2005)CrossRef

34.

Komljenovic, D., Gaha, M., Abdul-Nour, G., Langheit, C., Bourgeois, M.: Risks of extreme and rare events in Asset Management. Saf. Sci. 88(1), 129–145 (2016)

35.

Tixier, J., Dusserre, G., Salvi, O., Gaston, D.: Review of sixty two risk analysis methodologies of industrial plants. J. Loss Prev. Process Ind. 15(4), 291–303 (2002)CrossRef

36.

Koivisto, R., et al.: Integrating FTA and risk assessment methodologies. In: FTA, pp. 37–38 (2008)

37.

Saleh, M.S., Alfantookh, A.: A new comprehensive framework for enterprise information security risk management. Appl. Comput. Inform. 9(2), 107–118 (2011)CrossRef

38.

Spears, J.L.: A holistic risk analysis method for identifying information security risks. In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds.) Security Management, Integrity, and Internal Control in Information Systems. IIFIP, vol. 193, pp. 185–202. Springer, Boston, MA (2005). https://doi.org/10.1007/0-387-31167-X_12CrossRef

39.

Gerber, M., Von Solms, R.: Management of risk in the information age. Comput. Secur. 24(1), 16–30 (2005)CrossRef

40.

Dor, D., Elovici, Y.: A model of the information security investment decision-making process. Comput. Secur. 63(1), 1–13 (2016)CrossRef

41.

Halliday, S., Badenhorst, K., Von Solms, R.: A business approach to effective information technology risk analysis and management. Inf. Manag. Comput. Secur. 4(1), 19–31 (1996)CrossRef

42.

Ross, R.: Managing enterprise risk in today’s world of sophisticated threats: a framework for developing broad-based, cost-effective information security programs. In: EDPACS, vol. 35, no. 2, pp. 1–10 (2007)

43.

Jallow, A., Majeed, B., Vergidis, K., Tiwari, A., Roy, R.: Operational risk analysis in business processes. BT Technol. J. 25(1), 168–177 (2007)CrossRef

44.

Sohrabi Safa, N., Von Solms, R., Furnell, S.: Inf. Comput. Secur. 56(1), 70–82 (2016)CrossRef

45.

Shedden P., Smith, W., Ahmas, A.: Information security risk assessment: towards a business practice perspective. In: AISMC, pp. 119–130 (2010)

46.

Wangen, G.: Information security risk assessment: a method comparison. Computer 50(4), 52–61 (2017)CrossRef

47.

Terje, A.: Risk assessment and risk management: review of recent advances on their foundation. Eur. J. Oper. Res. 253(1), 1–13 (2016)MathSciNetCrossRef

Titel: On the Definition of Data Regulation Risk
verfasst von: Guillaume Delorme
Guilaine Talens
Eric Disson
Guillaume Collard
Elise Gaget
Verlag: Springer International Publishing
Buch: Service-Oriented Computing – ICSOC 2020 Workshops
Print ISBN: 978-3-030-76351-0

Electronic ISBN: 978-3-030-76352-7

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-76352-7_40

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"