From Privacy Impact Assessment to Social Impact Assessment

Edwards, Lilian; McAuley, Derek; Diver, Laurence

doi:10.1109/spw.2016.19

Cited by 11 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Assessment. Privacy impact assessments should help provide a secure method of analyzing how personally identifiable information is collected, stored, secured, shared, and handled and how it is disposed of, governed by this section [105,111,112].…”

Section: Privacy Requirementsmentioning

confidence: 99%

An Overview of Privacy Dimensions on the Industrial Internet of Things (IIoT)

Demertzi

Demertzis

2023

Algorithms

View full text Add to dashboard Cite

The rapid advancements in technology have given rise to groundbreaking solutions and practical applications in the field of the Industrial Internet of Things (IIoT). These advancements have had a profound impact on the structures of numerous industrial organizations. The IIoT, a seamless integration of the physical and digital realms with minimal human intervention, has ushered in radical changes in the economy and modern business practices. At the heart of the IIoT lies its ability to gather and analyze vast volumes of data, which is then harnessed by artificial intelligence systems to perform intelligent tasks such as optimizing networked units’ performance, identifying and correcting errors, and implementing proactive maintenance measures. However, implementing IIoT systems is fraught with difficulties, notably in terms of security and privacy. IIoT implementations are susceptible to sophisticated security attacks at various levels of networking and communication architecture. The complex and often heterogeneous nature of these systems makes it difficult to ensure availability, confidentiality, and integrity, raising concerns about mistrust in network operations, privacy breaches, and potential loss of critical, personal, and sensitive information of the network's end-users. To address these issues, this study aims to investigate the privacy requirements of an IIoT ecosystem as outlined by industry standards. It provides a comprehensive overview of the IIoT, its advantages, disadvantages, challenges, and the imperative need for industrial privacy. The research methodology encompasses a thorough literature review to gather existing knowledge and insights on the subject. Additionally, it explores how the IIoT is transforming the manufacturing industry and enhancing industrial processes, incorporating case studies and real-world examples to illustrate its practical applications and impact. Also, the research endeavors to offer actionable recommendations on implementing privacy-enhancing measures and establishing a secure IIoT ecosystem.

show abstract

Section: Privacy Requirementsmentioning

confidence: 99%

An Overview of Privacy Dimensions on the Industrial Internet of Things (IIoT)

Demertzi

Demertzis

2023

Algorithms

View full text Add to dashboard Cite

show abstract

“…Users might not foresee the possible risks of inferences drawn from their data, especially when datasets are combined. Edwards et al even suggest that "social impact assessment" should be considered that would "consider the public interest as well as the interests and rights of enterprises and users" [56] and look at factors like sharing practices since "B2B relationships, are not designed with privacy as a prime consideration " [56].…”

Section: Guideline 7: Ethical Data Sharing Practicesmentioning

confidence: 99%

Ethical and normative challenges of identification in the Internet of Things

Wachter

2018

Living in the Internet of Things: Cybersecurity of the IoT - 2018

View full text Add to dashboard Cite

A defining characteristic of the Internet of Things (IoT) is pervasive collection and linkage of user data to provide personalised experiences. To enable this functionality, IoT devices and services must be connected and share data about users' interactions with multiple nodes in the network. Consistent identification of users and devices across the network is likewise necessary. These aspects of the IoT can pose risks to user privacy. Potentially invasive inferences can be drawn from linked datasets, including data generated through usage of connected devices and services. The forthcoming General Data Protection Regulation (GDPR) contains numerous provisions relevant to the risks posed by identification technologies. However, the strict legal requirements defined in the Articles of the GDPR may be insufficient to ensure a fair balance is struck between user's interests in privacy and the interests of IoT developers and data controllers. To address this gap, this paper proposes a three-step transparency model based on known privacy risks of the IoT, weaknesses in relevant legally binding provisions in the GDPR, and the GDPR's governing principles. Eleven guidelines aimed at IoT developers and data controllers are described addressing how information about the functionality of IoT devices and services should be shared with users. The guidelines describe ethically desirable standards to be adhered to in addition to the GDPR's legally binding requirements. To demonstrate how the guidelines could apply in practice and alter the design choices and practices of IoT developers and data controllers, connected cars are considered as a use case.

show abstract

“…It has been shown in many studies that employees are the weakest link in any organization in terms of information security (Edwards et al, 2016;Kotenko et al, 2011;Irani et al, 2011). Many security attacks are due to social engineering, which relies on a low level of employee awareness of safe security practices that need to be followed to prevent such attacks (Edwards et al, 2016;Kotenko et al, 2011;Irani et al, 2011). Therefore, the security metric for this layer has to be defined to meet the requirements of the security design principle of securing the weakest link.…”

Section: Employee-based Security Assessmentmentioning

confidence: 99%

Enterprise Architecture Security Assessment Framework (EASAF)

Alshammari¹

2017

Journal of Computer Science

View full text Add to dashboard Cite

Abstract:Many existing studies have shown that the causes of most of system attacks are not related to coding vulnerabilities that apply to individual systems, issues related to the run-time environment, or the technology in place. In fact, they are caused by issues associated with how systems within organizations are structured. Therefore, it is necessary to examine security with regard to all components that influence the organization's systems, including data, processes and even employees. The most promising approach to achieving this goal is Enterprise Architecture (EA). The main goal of this project is to develop a framework based on the concepts of well-established EA frameworks such as TOGAF and Zachman and their compositional layers (e.g., application, information and process). This framework will be combined with a data flow analysis of the principles that trace the potential information flow between high-and low-security enterprise components. Therefore, this paper studies various enterprise architecture frameworks and shows how to develop an enterprise architecture framework that considers the organization's information security from the perspective of information flow. This framework will have various layers, each with a set of security metrics that quantify the organization's relative security based on the specifications of that layer. The defined framework will be capable of defining Enterprise Architecture security-related principles and metrics. These principles and metrics will eventually be used to define how to develop secure enterprise systems based on the enterprise architecture with regard to security-critical information flow within any given organization. The defined framework will also be capable of providing guidance for information security architects by recognizing certain parts of the organization that are less secure than others.

show abstract

From Privacy Impact Assessment to Social Impact Assessment

Cited by 11 publications

References 21 publications

An Overview of Privacy Dimensions on the Industrial Internet of Things (IIoT)

An Overview of Privacy Dimensions on the Industrial Internet of Things (IIoT)

Ethical and normative challenges of identification in the Internet of Things

Enterprise Architecture Security Assessment Framework (EASAF)

Contact Info

Product

Resources

About