IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v13y2021i2p30-d487796.html
   My bibliography  Save this article

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

Author

Listed:
  • Dimitrios Papamartzivanos

    (R&D Department, Ubitech Ltd., 11632 Athens, Greece)

  • Sofia Anna Menesidou

    (R&D Department, Ubitech Ltd., 11632 Athens, Greece)

  • Panagiotis Gouvas

    (R&D Department, Ubitech Ltd., 11632 Athens, Greece)

  • Thanassis Giannetsos

    (DTU Compute, Department of Applied Mathematics and Computer Science, Technical University of Denmark, 2800 Lyngby, Denmark)

Abstract

As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., assistive healthcare domain) where strict security and privacy considerations are not only expected but mandated so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.

Suggested Citation

  • Dimitrios Papamartzivanos & Sofia Anna Menesidou & Panagiotis Gouvas & Thanassis Giannetsos, 2021. "A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly," Future Internet, MDPI, vol. 13(2), pages 1-34, January.
  • Handle: RePEc:gam:jftint:v:13:y:2021:i:2:p:30-:d:487796
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/13/2/30/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/13/2/30/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Jane Henriksen-Bulmer & Shamal Faily & Sheridan Jeary, 2020. "DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems," Future Internet, MDPI, vol. 12(5), pages 1-23, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Sanaa Kaddoura & Ramzi A. Haraty & Karam Al Kontar & Omar Alfandi, 2021. "A Parallelized Database Damage Assessment Approach after Cyberattack for Healthcare Systems," Future Internet, MDPI, vol. 13(4), pages 1-18, March.
    2. Weizhi Meng & Thanassis Giannetsos & Christian D. Jensen, 2022. "Information and Future Internet Security, Trust and Privacy," Future Internet, MDPI, vol. 14(12), pages 1-2, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Jane Henriksen-Bulmer & Cagatay Yucel & Shamal Faily & Ioannis Chalkias, 2022. "Privacy Goals for the Data Lifecycle," Future Internet, MDPI, vol. 14(11), pages 1-25, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:13:y:2021:i:2:p:30-:d:487796. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.