Pris Tool: A Case Tool For Privacy-Oriented Requirements Engineering

PriS is a security and privacy requirements engineering method which aims on incorporating privacy requirements early in the system development process. Specifically, PriS provides a set of concepts for modelling privacy requirements in the organisation domain and a systematic way-of-working for translating these requirements into system models. In this paper we present the PriS conceptual framework and a case tool that assist PriS way of working the PriS-Tool. Specifically, PriS-Tool assist developers by offering design capabilities of the organization’s goal-process model, helps them to monitor the impact of privacy requirements on organisation’s goals and processes, suggests them a set of implementation techniques for the realization of the privacy related processes and offers guidance throughout this process

The Role of Gamification in Privacy Protection and User Engagement

The interaction between users and several technologies has rapidly increased. In people’s daily habits, the use of several applications for different reasons has been introduced. The provision of attractive services is an important aspect that it should be considered during their design. The implementation of gamification supports this, while game elements create a more entertaining and appealing environment. At the same time, due to the collection and record of users’ information within them, security and privacy are needed to be considered as well, in order for these technologies to ensure a minimum level of security and protection of users’ information. Users, on the other hand, should be aware of their security and privacy, so as to recognize how they can be protected, while using gamified services. In this work, the relation between privacy and gamified applications, regarding both the software developers and the users, is discussed, leading to the necessity not only of designing privacy-friendly systems but also of educating users through gamification on privacy issues

Supporting the Design of Privacy-Aware Business Processes via Privacy Process Patterns

Privacy is an increasingly important concern for modern software systems which handle personal and sensitive user information. Privacy by design has been established in order to highlight the path to be followed during a system’s design phase ensuring the appropriate level of privacy for the information it handles. Nonetheless, transitioning between privacy concerns identified early during the system’s design phase, and privacy implementing technologies to satisfy such concerns at the later development stages, remains a challenge. In order to overcome this issue, mainly caused by the lack of privacy-related expertise of software systems engineers, this work proposes a series of privacy process patterns. The proposed patterns encapsulate expert knowledge and provide predefined solutions for the satisfaction of different types of privacy concerns. The patterns presented in this work are used as a component of an existing privacy-aware system design methodology, through which they are applied to a real life system

Social Media Use for Decision Making Process in Educational Settings: The Greek Case for Leadership’s Views and Attitude in Secondary and Tertiary Education

The emergence of social media and their wide usage have brought changes in almost all fields of public sphere. Nowadays governmental organizations, agencies and politicians use social media in order to ensure major civil participation, enhance e-dialogue and e-democracy consequently, emphasizing thus in participatory processes through which opinions are co-shaped and decisions are jointly made. On the other hand, in another field of public sphere, that of education, social media are mostly used for teaching support, promotion and publicity. Taking into account education’s key role in the cultivation of active citizenship as well as the fact that educational structures are self-governed, the aim of this study was to identify leadership’s views of Greek Secondary and Tertiary Education on the potential use of social media in educational environments for the purpose of a participatory decision-making process which broadens stakeholder involvement in educational policy-making

Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners

Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn’t come without substantial risks. These risks are the significant barriers for the wider cloud adoption. Cloud computing has obtained a lot of attention by both research and industry communities in recent years. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. It makes difficult to understand the risks management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. We identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment only emphasize on security and privacy risks. Our study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Our observation emphasizes the necessity of a comprehensive risk management framework to support the migration decision and to monitor the risks after migration. Finally, we propose a risk assessment approach based on the six prioritized cloud migration goals using analytic hierarchy process and determine the relative importance of these migration goals from two real migration use cases

A framework to support selection of cloud providers based on security and privacy requirements

Cloud computing is an evolving paradigm that is radically changing the way humans store, share and access their digital files. Despite the many benefits, such as the introduction of a rapid elastic resource pool, and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorised access, loss of privacy, data replication and regulatory violation that require adequate attention. Nevertheless, and despite the recent research interest in developing software engineering techniques to support systems based on the cloud, the literature fails to provide a systematic and structured approach that enables software engineers to identify security and privacy requirements and select a suitable cloud service provider based on such requirements. This paper presents a novel framework that fills this gap. Our framework incorporates a modelling language and it provides a structured process that supports elicitation of security and privacy requirements and the selection of a cloud provider based on the satisfiability of the service provider to the relevant security and privacy requirements. To illustrate our work, we present results from a real case study

Gamification: A Necessary Element for Designing Privacy Training Programs

The benefits, deriving from utilizing new Information and Communication Technologies (ICTs), such as Internet of Things or cloud computing, raise at the same time several privacy risks and concerns for users. Despite the fact that users’ inability to protect their privacy has been recognized, hence users do not get involved in processes for enhancing their awareness on such issues. However, in order to protect their fundamental right of privacy and to manage it in a practical way when using ICT, privacy literacy is crucial. Users should be trained on privacy issues through appropriate educational programs. Specifically, the development of instructional simulation programs could be of great importance. Relevant methodologies for the development of such services have been recorded in previous literature. Since the concept of training is advanced by creating attractive interaction environments, the educational privacy process could be also more efficient. Towards this, the implementation of game elements serves that purpose, contributing to the design of gameful educational programs. However, despite its benefits, gamification has been noticed to be used more as a tool rather than a concept which could be included in instructional methods. Thus, in this work, gamification features are explained to highlight their importance along with the recorded in the literature educational methods and privacy awareness issues

Assurance of security and privacy requirements for cloud deployment models

Despite of the several benefits of migrating enterprise critical assets to the Cloud, there are challenges specifically related to security and privacy. It is important that Cloud Users understand their security and privacy needs, based on their specific context and select cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems but such works do not provide a detailed methodological approach to elicit security and privacy requirements neither methods to select cloud deployment models based on satisfaction of these requirements by Cloud Service Providers. This work advances the current state of the art towards this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reportable of security incident through audit. This allows perspective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette