21 research outputs found

    Data Breach Notification: Issues and Challenges for Security Management

    Several high-profile personal data breaches have triggered a discussion among privacy advocates, security practitioners, corporate managers and politicians on what role regulation should play in how companies and organisations protect data. The self-regulation paradigm fails to reinforce individuals’ right to information and foster proactive risk management as incident-related information is communicated informally and on a voluntary basis. Lately (April 2016) the European Parliament adopted a reformed General Data Protection Regulation (GDPR) which regulates data breach notification. This paper analyzes the current status in information security incident management, describes the data breach notification mandate introduced by the GDPR and discusses its impact on the accountability and transparency of organisations, the amplification of the security function in organisations and the security market and the reinforcement of situational awareness. This paper also identifies enablers and barriers to compliance and highlights the key challenges that governments and organisations need to address for effective incident management, in the context of the new regulation paradigm

    Facebook: Reconstructing Communication And Decostructing Privacy Law?

    The exponential growth of Facebook during the last year was followed by a vital public discourse and often an alert with regard to the impacts of this popular SNS on communicational and behavioural attitudes and users’ rights. In this paper we focus on privacy issues relating to Facebook. We attempt to define the “phenomenon Facebook” as a social and communicational ecosystem in the context of Web 2.0. In this perspective we discuss the trust relationships evolved in the Facebook communities to the extent that they affect the perceptions and expectations of privacy. We refer to the privacy issues, focusing on shortcomings of the Facebook privacy policy and practices, on regulatory responses and the problems relating to consent and contract as privacy gatekeepers in SNSs. Finally, we try to identify how SNSs and Facebook pose new challenges to privacy and data protection law.

    Cyber-Attacks Evaluation Using Simple Additive Weighting Method on the Basis of Schmitt's Analysis

    A systematic modelling methodology is presented in this paper, so as to evaluate the effects of cyber-attacks on states’ Critical Information Infrastructure, in order to answer the question of whether these attacks have risen to the level of a ‘use of force’ under the principles of international law. By using the qualitative criteria for recognizing the impact of cyber-attacks as proposed by the International Group of Experts in the Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) and by applying the Simple Additive Weighting method, the widely used Multiple Attribute Decision Making method, cyber-operations evaluation results are presented. For the analysis a case study of kinetic and cyber-attacks on Supervisory Control and Data Acquisition system is employed. Taking into account the qualitative and quantitative aspects of such attacks and adding for the first time the ‘military character’ attribute as defined by the Tallinn Manual in the calculation procedure, a more complete evaluation of such attacks is achieved

    Human Control and Discretion in AI-driven Decision-making in Government

    Traditionally public decision-makers have been given discretion in many of the decisions they have to make in how to comply with legislation and policies. In this way, the context and specific circumstances can be taken into account when making decisions. This enables more acceptable solutions, but at the same time, discretion might result in treating individuals differently. With the advance of AI-based decisions, the role of the decision-makers is changing. The automation might result in fully automated decisions, humans-in-the-loop or AI might only be used as recommender systems in which humans have the discretion to deviate from the suggested decision. The predictability of and the accountability of the decisions might vary in these circumstances, although humans always remain accountable. Hence, there is a need for human-control and the decision-makers should be given sufficient authority to control the system and deal with undesired outcomes. In this direction this paper analyzes the degree of discretion and human control needed in AI-driven decision-making in government. Our analysis is based on the legal requirements set/posed to the administration, by the extensive legal frameworks that have been created for its operation, concerning the rule of law, the fairness-non-discrimination, the justifiability and accountability, and the certainty/predictability.

    PPDM-TAN: A Privacy-Preserving Multi-Party Classifier

    Distributed medical, financial, or social databases are analyzed daily for the discovery of patterns and useful information. Privacy concerns have emerged as some database segments contain sensitive data. Data mining techniques are used to parse, process, and manage enormous amounts of data while ensuring the preservation of private information. Cryptography, as shown by previous research, is the most accurate approach to acquiring knowledge while maintaining privacy. In this paper, we present an extension of a privacy-preserving data mining algorithm, thoroughly designed and developed for both horizontally and vertically partitioned databases, which contain either nominal or numeric attribute values. The proposed algorithm exploits the multi-candidate election schema to construct a privacy-preserving tree-augmented naive Bayesian classifier, a more robust variation of the classical naive Bayes classifier. The exploitation of the Paillier cryptosystem and the distinctive homomorphic primitive shows in the security analysis that privacy is ensured and the proposed algorithm provides strong defences against common attacks. Experiments deriving the benefits of real world databases demonstrate the preservation of private data while mining processes occur and the efficient handling of both database partition types