26,842 research outputs found

    Machine-Readable Privacy Certificates for Services

    Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the client's side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service. Comment: 20 pages, 6 figures

    All-Payer Claims Database Development Manual: Establishing a Foundation for Health Care Transparency and Informed Decision Making

    With support from the Gary and Mary West Health Policy Center, the APCD Council has developed a manual for states to develop all-payer claims databases. Titled All-Payer Claims Database Development Manual: Establishing a Foundation for Health Care Transparency and Informed Decision Making, the manual is a first-of-its-kind resource that provides states with detailed guidance on common data standards, collection, aggregation and analysis involved with establishing these databases.

    Advanced Cloud Privacy Threat Modeling

    Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design.

    The Security Rule


    The European Institute for Innovation through Health Data

    The European Institute for Innovation through Health Data (i~HD, www.i-hd.eu) has been formed as one of the key sustainable entities arising from the Electronic Health Records for Clinical Research (IMI-JU-115189) and SemanticHealthNet (FP7-288408) projects, in collaboration with several other European projects and initiatives supported by the European Commission. i~HD is a European not-for-profit body, registered in Belgium through Royal Assent. i~HD has been established to tackle areas of challenge in the successful scaling up of innovations that critically rely on high-quality and interoperable health data. It will specifically address obstacles and opportunities to using health data by collating, developing, and promoting best practices in information governance and in semantic interoperability. It will help to sustain and propagate the results of health information and communication technology (ICT) research that enables better use of health data, assessing and optimizing their novel value wherever possible. i~HD has been formed after wide consultation and engagement of many stakeholders to develop methods, solutions, and services that can help to maximize the value obtained by all stakeholders from health data. It will support innovations in health maintenance, health care delivery, and knowledge discovery while ensuring compliance with all legal prerequisites, especially regarding the insurance of patient's privacy protection. It is bringing multiple stakeholder groups together so as to ensure that future solutions serve their collective needs and can be readily adopted affordably and at scale