81,248 research outputs found
Selling packaged software: an ethical analysis
Within the IS literature there is little discussion on selling software products in general and especially
from the ethical point of view. Similarly, within computer ethics, although there is much interest in
professionalism and professional codes, in terms of accountability and responsibility, the spotlight
tends to play on safety-critical or life-critical systems, rather than on software oriented towards the
more mundane aspects of work organisation and society. With this research gap in mind, we offer a
preliminary ethical investigation of packaged software selling. Through an analysis of the features of
competition in the market, the global nature of the packaged software market and the nature of
product development we conclude that professionalism, as usually conceived in computer ethics, does
not apply particularly well to software vendors. Thus, we call for a broader definition of
professionalism to include software vendors, not just software developers. Moreover, we acknowledge
that with intermediaries, such as implementation consultants, involved in software selling, and the
packaged software industry more generally, there are even more âhandsâ involved. Therefore, we
contend that this is an area worthy of further study, which is likely to yield more on the question of
accountability
Advanced Cloud Privacy Threat Modeling
Privacy-preservation for sensitive data has become a challenging issue in
cloud computing. Threat modeling as a part of requirements engineering in
secure software development provides a structured approach for identifying
attacks and proposing countermeasures against the exploitation of
vulnerabilities in a system . This paper describes an extension of Cloud
Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in
relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to
specify characteristics of a cloud privacy threat modeling methodology,
different steps in the proposed methodology and corresponding products. We
believe that the extended methodology facilitates the application of a
privacy-preserving cloud software development approach from requirements
engineering to design
Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013
This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in todayâs online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such
Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography
Several recent works have proposed and implemented cryptography as a means to
preserve privacy and security of patients health data. Nevertheless, the
weakest point of electronic health record (EHR) systems that relied on these
cryptographic schemes is key management. Thus, this paper presents the
development of privacy and security system for cryptography-based-EHR by taking
advantage of the uniqueness of fingerprint and iris characteristic features to
secure cryptographic keys in a bio-cryptography framework. The results of the
system evaluation showed significant improvements in terms of time efficiency
of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy
commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the
likelihood of imposters gaining successful access to the keys protecting
patients protected health information. This result also justifies the
feasibility of implementing fuzzy key binding scheme in real applications,
especially fuzzy vault which demonstrated a better performance during key
reconstruction
- âŠ