8,002 research outputs found

    Structural cloud audits that protect private information

    As organizations and individuals have begun to rely more and more heavily on cloud-service providers for critical tasks, cloud-service reliability has become a top priority. It is natural for cloud-service providers to use redundancy to achieve reliability. For example, a provider may replicate critical state in two data centers. If the two data centers use the same power supply, however, then a power outage will cause them to fail simultaneously; replication per se does not, therefore, enable the cloud-service provider to make strong reliability guarantees to its users. Zhai et al. [28] present a system, which they refer to as a structural-reliability auditor (SRA), that uncovers common dependencies in seemingly disjoint cloud-infrastructural components (such as the power supply in the example above) and quantifies the risks that they pose. In this paper, we focus on the need for structural-reliability auditing to be done in a privacy-preserving manner. We present a privacy-preserving structural-reliability auditor (P-SRA), discuss its privacy properties, and evaluate a prototype implementation built on the Sharemind SecreC platform [6]. P-SRA is an interesting application of secure multi-party computation (SMPC), which has not often been used for graph problems. It can achieve acceptable running times even on large cloud structures by using a novel data-partitioning technique that may be useful in other applications of SMPC.

    Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061

    The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) was held on February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, the public sector, and industry identified the current state of the art of and challenges for online privacy, and derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop summarizes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts.

    Integrating NIST and ISO Cybersecurity Audit and Risk Assessment Frameworks into Cameroonian Law

    This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information security systems and cybersecurity risk management. This paper highlights the lack of specific international law provisions addressing cybersecurity audits and risk assessments. Overall, the paper highlights the importance of continuous risk assessment and monitoring, implementation of security controls, and compliance with organizational policies, relevant laws and regulations to ensure the adequate protection of information systems. Finally, the paper underscores the importance of improving Cameroon's cybersecurity regulations by integrating provisions from NIST and ISO.

    “Unblackboxing” Decision Makers’ Interpretations of IS Certifications in the Context of Cloud Service Certifications

    IS literature has predominantly taken a black box perspective on IS certifications and studied their diverse set of outcomes, such as signaling superior quality and increased customer trust. As a result, there is little understanding about the structure of certifications and its role in decision makers’ evaluations of certifications to achieve these outcomes. However, idiosyncrasies of novel IT services, such as cloud services, create a need for “unblackboxing” certifications and theorizing about their constituting structural building blocks and structural elements, as well as examining key features that might lead to a more favorable evaluation of a certification by decision makers. To advance theory building on certifications, this article develops an empirically grounded typology of certifications’ key structural building blocks and structural elements, and examines how they interpret substantive features within these elements. Using evidence from 20 interviews with decision makers from a wide range of industries in the context of cloud service certifications, we find that a decision maker’s aggregate evaluation of a certification is a function of their interpretations of its features guided by cognitive interpretive schemas along six key structural elements, contrasted with the decision makers’ expectations regarding the certification’s outcomes. This study contributes by conceptualizing the necessary and sufficient elements of certifications, constructing a nascent theory on decision makers’ evaluations of certifications, and illuminating the dynamics between certifications’ structural elements and outcomes as a coevolutionary process. We discuss implications for the certification literature and give managerial advice regarding the factors to consider when designing and evaluating certifications

    AI Now Institute 2023 Landscape: Confronting Tech Power

    This report highlights a set of approaches that, in concert, will collectively enable us to confront tech power. Some of these are bold policy reforms that underscore the need for bright-line rules and structural curbs. Others identify popular policy responses that, because they fail to meaningfully address power discrepancies, should be abandoned. Several aren't in the traditional domain of policy at all, but acknowledge the importance of nonregulatory interventions such as collective action, worker organizing, and the role public policy can play in bolstering these efforts. We intend this report to provide strategic guidance to inform the work ahead of us, taking a bird's eye view of the many levers we can use to shape the future trajectory of AI – and the tech industry behind it – to ensure that it is the public, not industry, that this technology serves

    The Effects of Big Data and Blockchain on the Audit Profession

    This qualitative study aimed to gain a greater understanding of the technological systems affecting the audit industry. The central focus was to gain an in-depth understanding of the effects of big data and blockchain technology on the audit industry. Interviews were carried out with selected participants working for Certified Public Accounting (CPA) firms. From the interviews, eleven CPAs provided the data to form the discovered themes. The information gathered in the interviews contributed to the body of knowledge concerning big data and blockchain technology as recognized by practicing CPAs. Four themes were identified which aligned with the participants' feedback concerning big data and blockchain effects on the audit. The themes discovered were: the need for additional training to fully prepare for the technological spectrums, a need for software developments beyond the traditional Excel applications, having an ongoing correspondence with information technology (IT) personnel, and an acknowledgment of the limited practical application of blockchain on the audit. This study shall assist auditors and other stakeholders interested in preparing to work with clients that have big data and/or blockchain technology embedded in their systems.

    On the Impact of Digital Technologies on Corruption: Evidence from U.S. States and Across Countries

    We hypothesize that the spread of the Internet has reduced corruption, chiefly through two mechanisms. First, the Internet facilitates the dissemination of information about corrupt behavior, which raises the detection risks to shady bureaucrats and politicians. Second, the Internet has reduced the interface between bureaucrats and the public. Using cross-country data and data for the U.S. states, we test this hypothesis. Data spans the period during which the Internet has been in operation. In order to address the potential endogeneity problem, we develop a novel identification strategy for Internet diffusion. Digital equipment is highly sensitive to power disruption: it leads to equipment failure and damage. Even very short disruptions (less than 1/60th of a second) can have such consequences. Accordingly, more frequent power failures will increase the user cost of IT capital, either directly, through depreciation, or indirectly, through the costs of protective devices. Ceteris paribus, we expect that higher IT user costs will lower the speed of Internet diffusion. A natural phenomenon which causes a major part of annual power disruptions globally is lightning activity. Lightning therefore provides exogenous variation in the user cost of IT capital. Based on global satellite data from the U.S. National Aeronautics and Space Administration (NASA), we construct lightning density data for a large cross section of countries and for the U.S. states. We demonstrate that the lightning density variable is a strong instrument for changes in Internet penetration; and we proceed to show that the spread of the Internet has reduced the extent of corruption across the globe and across the U.S. The size of the impact is economically and statistically significant. Keywords: public corruption; internet; information

    EU Privacy seals project: Inventory and analysis of privacy certification schemes

    The objective of this report is to comprehensively inventory and analyse privacy and related certification schemes in the European Union and, where relevant, at the international level. The report will provide insights into the importance of privacy seal schemes and present information on the operational aspects of these schemes. The report will also help understand the privacy and data protection elements of the analysed schemes and provide an initial analysis of their shortcomings. The report specifically aims to understand whether (if at all) the analysed schemes address the requirements proposed under the GDPR. It will highlight the main convergences and differences between the schemes, who benefits from such schemes and what the impact of such schemes is. JRC.G.7-Digital Citizen Securit

    Perceived Control and Privacy in a Professional Cloud Environment

    Cloud customers need to assess whether their cloud service provider offers high-quality services and handles sensitive information confidentially. Privacy protection is therefore a major challenge during cloud sourcing. Although cloud customers want control over their sensitive information, they have limited resources to do so. They therefore consider other control agents, such as certification authorities or collectives, but the effectiveness of these groups to ensure privacy protection is unknown. This study differentiates between three control agents (personal control, proxy control, and collective control) and investigates the influence of these agents on cloud customers’ perceived control over sensitive information to protect privacy during cloud sourcing. Results show that proxy and collective control influence cloud customers’ perceptions but personal control does not. Therefore, only external control agents, who can apply sanctions, are perceived as being able to effectively protect privacy