Adaptive Digital Identity Verification Reference Architecture (ADIVRA) Framework

University of Technology Sydney. Faculty of Engineering and Information Technology.Digital ecosystems comprise interacting actors such as organizations, people and things that are supported by digital platforms. The interconnection of actors may involve sharing personally identifiable information such as digital identity information for verification within the digital ecosystem. One of the key privacy challenges in digital ecosystems is the verification of a digital identity in a manner that is secure and compliant with regulatory requirements. The identity verification process is compromised if personally identifiable information is lost, which can lead to identity theft and more serious instances of data breaches. Therefore, a practical digital identity verification solution should enable secure digital identity verification for actors operating in the inherently complex and diverse regulatory environment of digital ecosystems. Several research and industry initiatives have been taken to address this challenge however, there is a lack of capability in existing solutions and guidance for implementing a digital identity verification solution that can comply to regulatory requirements and securely verify an identity without storing personally identifiable information. Hence, this thesis aims to address a pressing research need: how to ensure regulatory compliance and the privacy of personally identifiable information involved in digital identity verification in a digital ecosystem? This thesis aims to address this practice-oriented research question by proposing an adaptive digital identity verification reference architecture (ADIVRA) framework. The ADIVRA has been incrementally developed by the iterative cycles of build, intervene, and evaluate, reflection and learning, and the formalization of learning research activities following the principles of well-known action design research. ADIVRA comprises three main components: Assess, Design and Evolve. The Assess component helps to assess the environmental risks and gaps. The Design component fills the gaps identified by Assess component. The third and final component of the ADIVRA framework is Evolve, which analyzes the changes and identifies the adjustments against changing privacy risks, regulatory requirements, and business needs. The proposed ADIVRA framework is evaluated via design and review workshops in industry partners’ organizational settings and industry experts’ field survey. The results of this evaluation indicate that the proposed ADIVRA framework could be helpful for guiding the development of adaptive digital identity verification solutions that are privacy aware and support regulatory compliance. ADIVRA is intended for use by industry practitioners, law makers, regulators, and researchers as a comprehensive reference architecture for developing privacy aware and regulatory compliant digital identity verification solutions

Cybersecurity Enterprises Policies: A Comparative Study

Cybersecurity is a critical issue that must be prioritized not just by enterprises of all kinds, but also by national security. To safeguard an organization’s cyberenvironments, information, and communication technologies, many enterprises are investing substantially in cybersecurity these days. One part of the cyberdefense mechanism is building an enterprises’ security policies library, for consistent implementation of security controls. Significant and common cybersecurity policies of various enterprises are compared and explored in this study to provide robust and comprehensive cybersecurity knowledge that can be used in various enterprises. Several significant common security policies were identified and discussed in this comprehensive study. This study identified 10 common cybersecurity policy aspects in five enterprises: healthcare, finance, education, aviation, and e-commerce. We aimed to build a strong infrastructure in each business, and investigate the security laws and policies that apply to all businesses in each sector. Furthermore, the findings of this study reveal that the importance of cybersecurity requirements differ across multiple organizations. The choice and applicability of cybersecurity policies are determined by the type of information under control and the security requirements of organizations in relation to these policies