The role of information systems in the prevention and detection of transnational and international crime

© Cambridge University Press 2014. All around the world criminal activity remains at the forefront of governmental concerns, not only as a problem that distorts the very fabric of society within the confines of national jurisdictions, but also as a problem that cuts across national borders to exhibit a global dimension. The international dimension of criminal activity remains critical and is generally characterized by a complexity that is unique and requires action on many different levels. Criminals set out to mask their illegal activities and deliberately generate complexity as a means of concealment. In doing so, they exploit new developments in technology that assist them in achieving their ends. This criminality exhibits forms of innovation that stretch far beyond traditional criminal activity (e.g., drug and human trafficking) and manages to attach itself within the broader fabric of society by exploiting the very latest developments. This evolution is necessary as criminals seek not only to escape arrest, prosecution and conviction, but also to enjoy the fruits of their criminality (mostly financial gains). Thus, they seek to develop ways of exploiting the various diffuse norms of social interaction (e.g., trust), financial modes of conduct (e.g., cash-based economies), technological and communication developments (e.g., Internet), and thereby minimize the possibility for detection. By limiting the resources that can be made available for prevention (or making them obsolete when developing new criminal behaviour), they participate in this co-evolution actively; and this they achieve by generating complexity

An E-Business Model Facilitating Service Provider Selection in B2C E-Commerce

The advent and expansion of the Internet and its applications, among them e-commerce, has provided new opportunities for the emergence of novel e-business models. A portion of these models are in the form of performing a mediatory role to provide some services for customers or businesses, and to facilitate transactions between them. In B2C e-commerce, often, a service consumer may supply his service demand from a range of providers and when he doesn\u27t have any transaction with many of them making an accurate decision becomes challenging. Therefore, he would need to interact with others to acquire relevant information. Current approaches for addressing this issue are generally rating-based and perform poorly. Recently, an experience-based approach has been proposed by ensoy et al [1]. This paper reviews this approach, analyzes its weaknesses and problems and proposes a new model to eliminate those problems, in which a third party assists the consumers in choosing their desired service providers

Information security and journalism: mapping a nascent research field

Information security (infosec) has become a field of primary interest for journalism, especially in the wake of the 2013 Edward Snowden revelations about the ramifications of Internet mass surveillance. Following the increasing dangers posed by digital threats—and surveillance in particular—to the safety of journalists and their sources, newsrooms and reporters have shown an increased interest in technological solutions for improved protection of their work and sources. In particular, the adoption of strong encryption tools for communication purposes has become an urgent matter for journalists worldwide, becoming a niche of research in journalism studies as well. By reviewing the existing literature in the field, this article examines how journalism studies approach the use of encryption and information security tools for journalistic purposes. Based on research on the major journalism studies journals and other publications, the article offers an overview of the research advancements, highlighting current major trends and research areas

Privacy Enhanced Secure Tropos: A Privacy Modeling Language for GDPR Compliance

Euroopa Liidu isikuandmete kaitse üldmäärusele (GDPR) vastavuse tagamine saab õiguslikult hädavajalikuks kõigis tarkvarasüsteemides, mis töötlevad ja haldavad isikuandmeid. Sellest tulenevalt tuleb GDPR vastavuse ja privaatsuse komponentidega arvestada arendusprotsessi varajastes etappides ning tarkvarainsenerid peaksid analüüsima mitte ainult süsteemi, vaid ka selle keskkonda. Käesolev uuring keskendub viimasel ajal tähepepanu pälvinud modelleerimiskeelele Privacy Enhanced Secure Tropos (PESTOS), mis põhineb Tropos metoodikal, hõlmates eesmärkide ja reeglite vaatenurka, mis aitab tarkvarainseneridel hinnata erinevaid Privacy-enhancing Technologies (PET-e) kandidaate, arendades samas privaatsustundlikke süsteeme, et need oleksid GDPR-iga kooskõlas.Kuigi GDPR artikli 5 lõikes 2 sätestatakse, et vastutuse põhimõtte kohaselt peavad organisatsioonid suutma näidata vastavust GDPR põhimõtetele (meie teadmiste kohaselt ei ole praegu veel ühtegi teist privaatsuse modelleerimise keelt, mis keskendub eelkõige GDPR nõuetele ja mis põhineb Security Risk-Aware Secure Tropos metoodikal), ei olnud saadaval ühtegi praktilist modelleerimise keelt, mis rahuldaks tööstus- ja ärivajadusi. See on Euroopa Liidu piirkonna avalikele asutustele ja erasektorile tõsine probleem, kuna GDPR toob vastutavatele ja volitatud töötlejatele kaasa väga tõsiseid trahve. Organisatsioonid ei oma piisavat kindlustunnet regulatsioonide täitmise osas ja tarkvarainseneridel puuduvad meetodid saamaks ülevaadet infosüsteemide muutmistaotlustest. Käesolevas lõputöös rakendatakse struktureeritud privaatsuse modelleerimise keelt, mida nimetatakse PESTOS-iks. Selle eesmärk on tagada kõrgetasemeline vastavus GDPR nõuetele kattes PET-e eesmärk-tegija-reegel perspektiivis hindamiseks ka lõimitud andmekaitse põhimõtted. GDPR 99-st artiklist 21 artiklit saab identifitseerida tehniliste nõudmistena, mile osas PESTOS suudab ettvõtetel aidata GDPR-ist tulenevaid kohustusi täita. Identiteedi- ja turvaekspertide seas läbiviidud uuring kinnitab, et kavandatud mudelil on piisav õigsus, täielikkus, tootlikkus ja kasutusmugavus.The European Union General Data Protection Regulation (GDPR) compliance is becoming a legal necessity for software systems that process and manage personal data. As a result of that fact, GDPR compliance and privacy components need to be considered from the early stages of the development process and software engineers should analyze not only the system but also its environment. Hereby with this study, Privacy Enhanced Secure Tropos (PESTOS) is emerging as a privacy modeling language based on Tropos methodology, which covers the goal and rule perspective, for helping software engineers by assessing candidate PETs, while designing privacy-aware systems, in order to make them compatible with GDPR. Although in Article 5(2) of the GDPR, the accountability principle requires organizations to show compliance with the principles of the GDPR, (To the best of our knowledge, currently there is no other privacy modeling language especially focuses on the GDPR compliance and enhanced based on Security Risk-Aware Secure Tropos methodology) there were not any practical social modeling languages supply the demand driven by industrial and commercial needs. This is a serious issue for public institutions and private sector in EU-zone because GDPR brings very serious charges for data controllers and data processors, therefore organizations do not feel themselves ready to face with those regulations and software engineers have a lack of methods for capturing change requests of the information systems. This paper applies a structured privacy modeling language that is called as PESTOS which has a goal-oriented solution domain that aims to bring a high compatibility with GDPR by covering Privacy by Design strategies for assessing proper privacy-enhancing technologies(PETs) in a respect of the goal-actor-rule perspective. Among the 99 articles of GDPR, 21 articles can be identified as technical level of requirements that PESTOS is able to transform them into GDPR goals needs to be fulfilled in order to support business assets. A survey conducted by identity and security experts validates that proposed model has a sufficient level of correctness, completeness, productivity and ease of use

ENHANCING PRIVACY IN MULTI-AGENT SYSTEMS

La pérdida de privacidad se está convirtiendo en uno de los mayores problemas en el mundo de la informática. De hecho, la mayoría de los usuarios de Internet (que hoy en día alcanzan la cantidad de 2 billones de usuarios en todo el mundo) están preocupados por su privacidad. Estas preocupaciones también se trasladan a las nuevas ramas de la informática que están emergiendo en los ultimos años. En concreto, en esta tesis nos centramos en la privacidad en los Sistemas Multiagente. En estos sistemas, varios agentes (que pueden ser inteligentes y/o autónomos) interactúan para resolver problemas. Estos agentes suelen encapsular información personal de los usuarios a los que representan (nombres, preferencias, tarjetas de crédito, roles, etc.). Además, estos agentes suelen intercambiar dicha información cuando interactúan entre ellos. Todo esto puede resultar en pérdida de privacidad para los usuarios, y por tanto, provocar que los usuarios se muestren adversos a utilizar estas tecnologías. En esta tesis nos centramos en evitar la colección y el procesado de información personal en Sistemas Multiagente. Para evitar la colección de información, proponemos un modelo para que un agente sea capaz de decidir qué atributos (de la información personal que tiene sobre el usuario al que representa) revelar a otros agentes. Además, proporcionamos una infraestructura de agentes segura, para que una vez que un agente decide revelar un atributo a otro, sólo este último sea capaz de tener acceso a ese atributo, evitando que terceras partes puedan acceder a dicho atributo. Para evitar el procesado de información personal proponemos un modelo de gestión de las identidades de los agentes. Este modelo permite a los agentes la utilización de diferentes identidades para reducir el riesgo del procesado de información. Además, también describimos en esta tesis la implementación de dicho modelo en una plataforma de agentes.Such Aparicio, JM. (2011). ENHANCING PRIVACY IN MULTI-AGENT SYSTEMS [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/13023Palanci

Developing a framework for e-commerce privacy and data protection in developing nations: a case study of Nigeria

The emergence of e-commerce has brought about many benefits to a country s economy and individuals, but the openness of the Internet has given rise to misuse of personal data and Internet security issues. Therefore, various countries have developed and implemented cyber-security awareness measures to counter this. However, there is currently a definite lack in this regard in Nigeria, as there are currently, little government-led and sponsored Internet security awareness initiatives. In addition, a security illiterate person will not know of the need to search for these awareness programmes online, particularly in Nigeria s case, where personal information security may not be regarded as an overly important issue for citizens. Therefore, this research attempts to find a means to reduce the privacy and data protection issues. It highlights the privacy and data protection problem in developing countries, using Nigeria as a case study, and seeks to provide a solution focusing on improving Internet security culture rather than focusing on solely technological solutions. The research proves the existence of the privacy and data protection problem in Nigeria by analysing the current privacy practices, Internet users perceptions and awareness knowledge, and by identifying factors specific to Nigeria that influence their current privacy and data protection situation. The research develops a framework for developing countries that consists of recommendations for relevant stakeholders and awareness training. In the case of Nigeria, the stakeholders are the government and organisations responsible for personal information security, and an awareness training method has been created to take into account Nigeria s unique factors. This training method encompasses promoting Internet security awareness through contextual training and promoting awareness programmes. Industry experts and Nigerian Internet users validated the framework. The findings obtained from the validation procedure indicated that the framework is applicable to the current situation in Nigeria and would assist in solving the privacy and Internet problem in Nigeria. This research offers recommendations that will assist the Nigerian government, stakeholders such as banks and e commerce websites, as well as Nigerian Internet users, in resolving the stated problems

Editorial

It is tradition that the Electronic Journal of Information Systems Evaluation (EJISE) publish a special issue containing the full versions of the best papers that were presented in a preliminary version during the 8th European Conference on Information Management and Evaluation (ECIME 2014). The faculty of Economics and Business Administration of the Ghent University was host for this successful conference on 11-12th of September 2014. ECIME 2014 received a submission of 86 abstracts and after the double-blind peer review process, thirty one academic research papers, nine PhD research papers, one master research paper and four work-in-progress papers were accepted and selected for presentation. ECIME 2014 hosted academics from twenty-two nationalities, amongst them: Australia, Belgium, Bosnia and Herzegovina, Brazil, Finland, France, Greece, Ireland, Lebanon, Lithuania, Macedonia (FYROM), Norway, Portugal, Romania, Russia, South Africa, South Korea, Spain, Sweden, The Netherlands, Turkey and the UK. From the thirty-one academic papers presented during the conference nine papers were selected for inclusion in this special issue of EJISE. The selected papers represent empirical work as well as theoretical research on the broad topic of management and evaluation of information systems. The papers show a wide variety of perspectives to deal with the problem

Multi-Dimensional-Personalization in mobile contexts

During the dot com era the word "personalisation” was a hot buzzword. With the fall of the dot com companies the topic has lost momentum. As the killer application for UMTS or the mobile internet has yet to be identified, the concept of Multi-Dimensional-Personalisation (MDP) could be a candidate. Using this approach, a recommendation of mobile advertisement or marketing (i.e., recommendations or notifications), online content, as well as offline events, can be offered to the user based on their known interests and current location. Instead of having to request or pull this information, the new service concept would proactively provide the information and services – with the consequence that the right information or service could therefore be offered at the right place, at the right time. The growing availability of "Location-based Services“ for mobile phones is a new target for the use of personalisation. "Location-based Services“ are information, for example, about restaurants, hotels or shopping malls with offers which are in close range / short distance to the user. The lack of acceptance for such services in the past is based on the fact that early implementations required the user to pull the information from the service provider. A more promising approach is to actively push information to the user. This information must be from interest to the user and has to reach the user at the right time and at the right place. This raises new requirements on personalisation which will go far beyond present requirements. It will reach out from personalisation based only on the interest of the user. Besides the interest, the enhanced personalisation has to cover the location and movement patterns, the usage and the past, present and future schedule of the user. This new personalisation paradigm has to protect the user’s privacy so that an approach supporting anonymous recommendations through an extended "Chinese Wall“ will be described