An extended investigation of the similarity between privacy policies of social networking sites as a precursor for standardization

Privacy policies are unsatisfactory in communicating information to users. Social networking sites (SNS) exemplify this, attracting growing concerns regarding their use of personal data, whilst lacking incentives to improve their policies. Standardization addresses many of these issues, but is only possible if policies share attributes that can be standardized. This investigation assessed the similarity of two attributes (the clauses and the coverage of forty recommendations made by the UK Information Commissioner) between the privacy policies of the six most frequently visited SNS globally. Similarity was also investigated by looking at whether any recommendations were not addressed by all SNS and if there were any themes of information discussed in the policies, but not included in the ICO Code. We found that similarity in the clauses was low, yet similarity in the recommendations covered was high. This indicates that SNS use different clauses, but to convey similar information. There were a number of recommendations which none of the SNS addressed. There were also four themes of information which all six SNS addressed, which were not recommended in the ICO Code. This paper proposes the policies of SNS already share attributes, indicating the feasibility of standardization at a thematic level currently. Five recommendations are made to begin facilitating this

Scared or naïve? An exploratory study on users perceptions of online privacy disclosures

Online service providers offer “free” services in exchange for the personal data of its users. In the last few years there has been an increase of online industry regulations requiring service providers, such as websites and app developers, to disclosure the ways in which they collect, process and use the personal data of service users. These “privacy disclosures,” such as the privacy policy, the cookie notice and, on smart phones, the app permission request, are designed with the purpose of informing users and empowering them to control their privacy. The interaction problems with these different types of disclosure are relatively well understood – habituation, inattention and cognitive biases undermine the extent to which user consent is truly informed. Users understanding of the actual content of these disclosures, and their feelings toward it, are less well understood, though. In this paper we report the results of a mixed-method exploratory study of the privacy disclosures and compare their relative merits as a starting point for the development of more meaningful consent interactions. First, we conducted a focus group study, with 21 students from the University of Southampton, to understand behavior and privacy concerns of Millenials (those born between 1982 and 2004) in response to the these three most common types of privacy disclosure. Second, we conducted an online survey, with 100 students from the University of Southampton, to study perception and feelings towards the content of the privacy disclosures. We identify three key findings. Firstly, we find heterogeneity of user perceptions and attitudes to privacy disclosures in both studies. The results of the focus groups suggests three types of users: the scared and worried about their online privacy, who think there is an option out; the naïve, who do not understand how their personal data is collected and processed by the online service providers; and the meh, who understand the trade off but are not worried about their privacy. Secondly, we find limited ability of users to infer data processing outputs and risks based on technical explanations of particular practices, suggestions of a naïve model of “cost justification” rather cost-benefit analysis by users. Finally, we show evidence of the possibility that consent interactions are valuable in themselves as a mean to improve user perceptions of a servic

CHORUS Deliverable 2.1: State of the Art on Multimedia Search Engines

Based on the information provided by European projects and national initiatives related to multimedia search as well as domains experts that participated in the CHORUS Think-thanks and workshops, this document reports on the state of the art related to multimedia content search from, a technical, and socio-economic perspective. The technical perspective includes an up to date view on content based indexing and retrieval technologies, multimedia search in the context of mobile devices and peer-to-peer networks, and an overview of current evaluation and benchmark inititiatives to measure the performance of multimedia search engines. From a socio-economic perspective we inventorize the impact and legal consequences of these technical advances and point out future directions of research

A Learning Health System for Radiation Oncology

The proposed research aims to address the challenges faced by clinical data science researchers in radiation oncology accessing, integrating, and analyzing heterogeneous data from various sources. The research presents a scalable intelligent infrastructure, called the Health Information Gateway and Exchange (HINGE), which captures and structures data from multiple sources into a knowledge base with semantically interlinked entities. This infrastructure enables researchers to mine novel associations and gather relevant knowledge for personalized clinical outcomes. The dissertation discusses the design framework and implementation of HINGE, which abstracts structured data from treatment planning systems, treatment management systems, and electronic health records. It utilizes disease-specific smart templates for capturing clinical information in a discrete manner. HINGE performs data extraction, aggregation, and quality and outcome assessment functions automatically, connecting seamlessly with local IT/medical infrastructure. Furthermore, the research presents a knowledge graph-based approach to map radiotherapy data to an ontology-based data repository using FAIR (Findable, Accessible, Interoperable, Reusable) concepts. This approach ensures that the data is easily discoverable and accessible for clinical decision support systems. The dissertation explores the ETL (Extract, Transform, Load) process, data model frameworks, ontologies, and provides a real-world clinical use case for this data mapping. To improve the efficiency of retrieving information from large clinical datasets, a search engine based on ontology-based keyword searching and synonym-based term matching tool was developed. The hierarchical nature of ontologies is leveraged to retrieve patient records based on parent and children classes. Additionally, patient similarity analysis is conducted using vector embedding models (Word2Vec, Doc2Vec, GloVe, and FastText) to identify similar patients based on text corpus creation methods. Results from the analysis using these models are presented. The implementation of a learning health system for predicting radiation pneumonitis following stereotactic body radiotherapy is also discussed. 3D convolutional neural networks (CNNs) are utilized with radiographic and dosimetric datasets to predict the likelihood of radiation pneumonitis. DenseNet-121 and ResNet-50 models are employed for this study, along with integrated gradient techniques to identify salient regions within the input 3D image dataset. The predictive performance of the 3D CNN models is evaluated based on clinical outcomes. Overall, the proposed Learning Health System provides a comprehensive solution for capturing, integrating, and analyzing heterogeneous data in a knowledge base. It offers researchers the ability to extract valuable insights and associations from diverse sources, ultimately leading to improved clinical outcomes. This work can serve as a model for implementing LHS in other medical specialties, advancing personalized and data-driven medicine

E-Governance: Strategy for Mitigating Non-Inclusion of Citizens in Policy Making in Nigeria

The Nigerian federation that currently has 36 states structure adopted the Weberian Public Administrative system before now as an ideal way of running government, which was characterized with the traditional way of doing things without recourse to the deployment of Information Communication Technology (ICT). Today e-governance is seen as a paradigm shift from the previous way of governance. Research has shown that, the adoption and implementation of e-governance is more likely to bring about effective service delivery, mitigate corruption and ultimately enhance citizens’ participation in governmental affairs. However, it has been argued that infrastructure such as regular electricity power and access to the Internet, in addition to a society with high rate of literacy level are required to effectively implement and realize the potentials of e-governance for improved delivery of services. Due to the difficulties currently experienced, developing nations need to adequately prepare for the implementation of e-governance on the platform of Information Communication Technology (ICT). Hence, this study seeks to examine whether the adoption and implementation of e-governance in the context of Nigeria would mitigate the hitherto non-inclusion of citizens in the formulation and implementation of government policies aimed at enhanced development. To achieve the objective of the study, data were sourced and analyzed majorly by examining government websites of 20 states in the Nigerian federation to ascertain if there are venues for citizens to interact with government in the area of policy making and feedback on government actions, as a way of promoting participatory governance. The study revealed that the adoption and implementation of e-governance in the country is yet to fully take place. This is due to lack of infrastructure, low level of literacy rate and government inability to provide the necessary infrastructure for e-governance to materialize. The paper therefore, recommends among others the need for the Federal Government to involve a sound and clear policy on how to go about the adoption and implementation of egovernance through deliberate effort at increasing budgetary allocation towards infrastructural development and mass education of citizens

The Impact of e-Democracy in Political Stability of Nigeria

The history of the Nigerian electoral process has been hitherto characterized by violence stemming from disputes in election outcomes. For instance, violence erupted across some states in Northern Nigeria when results indicated that a candidate who was popular in that part of the country was losing the election leading to avoidable loss of lives. Beside, this dispute in election outcome lingers for a long time in litigation at the electoral tribunals which distracts effective governance. However, the increasing penetrating use of ICTs in Nigeria is evident in the electoral processes with consequent shift in the behavior of actors in the democratic processes, thus changing the ways Nigerians react to election outcomes. This paper examines the trend in the use ICT in the Nigerian political system and its impact on the stability of the polity. It assesses the role of ICT in recent electoral processes and compares its impact on the outcome of the process in lieu of previous experiences in the Nigeria. Furthermore, the paper also examines the challenges and risks of implementing e-Democracy in Nigeria and its relationship to the economy in the light of the socio-economic situation of the country. The paper adopted qualitative approach in data gathering and analysis. From the findings, the paper observed that e-democracy is largely dependent on the level of ICT adoption, which is still at its lowest ebb in the country. It recognizes the challenges in the provision of ICT infrastructure and argues that appropriate low-cost infrastructure applicable to the Nigerian condition can be made available to implement e-democracy and thus arouse the interest of the populace in governance, increase the number of voters, and enhance transparency, probity and accountability, and participation in governance as well as help stabilize the nascent democrac

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

Three Essays on Information-Securing in Organizations

This dissertation is intended to interpret, analyze, and explain the interplay between organizational structure and organizational information systems security by mapping structural contingency theory into three qualitative studies. The research motivation can be attributed in two ways. First, Johnson and Goetz\u27s (2007) conception of embedding information in organizations as part of their field research interviewing security executives serves as a methodological inspiration for the series of three studies reported here. The point that security should be infused into organization activities instead of serving as a bolted-on function is a central tenet guiding the development of this dissertation. Second, a macro approach is employed in the studies reported here, aimed at a theoretical expansion from existing behavioral security studies which typically take a micro perspective, while mitigating potential theoretical reductionism due to a predominant research concentration on individual components of organizational information security instead of the holistic function of the firm. Hence, this dissertation contributes to the behavioral organizational security research by positing a theoretical construct of information-securing, an organizational security process which is essentially characterized by dualism, dynamism, and democratism. With a macro organizational perspective on the elements of information securing, organizations can effectively discover and leverage organization-wide resources, efforts, and knowledge to cope with security contingencies. The first study of this dissertation is designed to investigate the nature of employees’ extra-role behaviors. This study investigated how employees might sometimes take steps beyond the requirements of the organizational-level security policy in order to facilitate effective workgroup operation and to assist less-skilled colleagues. The second study of this dissertation conducts an interpretive study of the role of information systems auditing in improving information security policy compliance in the workplace, with a specific focus on the role of non-malicious insiders who unknowingly or innocuously thwart corporate information security directives by engaging in unsafe computing practices. The last study of the dissertation explores the interplay between organizational structures and security activities. The organizational perspective of security bureaucracies is developed with three specific bureaucratic archetypes to define the evolutionary stages of the firm’s progress through evolving from coercive rule-based enforcement regimes to fully enabled and employee-centric security cultures in the workplace. Borrowing from Weberian metaphors, the characterization of security bureaucracies evolving from an “iron cage” to an “iron shield” is developed. These three studies revolving around the general notion of information-securing are deemed to be a promising start of a new stream of organizational IS security research. In order to enrich and extend our IS security literature, the perspective advocated in this dissertation suggests a shift in the epistemological paradigm of security behaviors in organizations from the prevailing micro views to macro perspectives which will result in very useful new perspectives on security management, security behaviors and security outcomes in organizations. GS Form 14 (8/10) APPROVAL FOR SCHOLAR

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects