Browsing by Author "Boiten, Eerke Albert"
Now showing 1 - 20 of 33
Results Per Page
Sort Options
Item Open Access 9 Squares: Framing Data Privacy Issues(Winchester University Press, 2017-04) Boiten, Eerke AlbertIn order to frame discussions on data privacy in varied contexts, this paper introduces a categorisation of personal data along two dimensions. Each of the nine resulting categories offers a significantly different flavour of issues in data privacy. Some issues can also be perceived as a tension along a boundary between different categories. The first dimension is data ownership: who holds or publishes the data. The three possibilities are “me”, i.e. the data subject; “us”, where the data subject is part of a community; and “them”, where the data subject is indeed a subject only. The middle category contains social networks as the most interesting instance. The amount of control for the data subject moves from complete control in the “me” category to very little at all in the “them” square – but the other dimension also plays a role in that. The second dimension has three possibilities, too, focusing on the type of personal data recorded: “attributes” are what would traditionally be found in databases, and what one might think of first for “data protection”. The second type of data is “stories”, which is personal data (explicitly) produced by the data subjects, such as emails, pictures, and social network posts. The final type is “behaviours”, which is (implicitly) generated personal data, such as locations and browsing histories. The data subject has very little control over this data, even in the “us” category. This lack of control, which is closely related to the business models of the “us” category, is likely the major data privacy problem of our time.Item Open Access Challenges in assessing privacy impact: Tales from the front lines(John Wiley & Sons, 2019-12-13) Ferra, Fenia; Wagner, Isabel; Boiten, Eerke Albert; Hadlington, Lee; Psychoula, Ismini; Snape, J. RichardData protection impact assessments (DPIAs) aim to identify, rank, and mitigate privacy risks. Even though DPIAs are legally mandated in some cases and privacy professionals perform DPIAs on a daily basis, facilitating the systematic measurement of privacy risks is an open problem. Research on privacy risk measurement often does not take into account the practical needs and requirements for DPIAs in real organizations. In this article, we fill this gap by reporting on focus groups we held with a diverse group of privacy professionals. Through thematic analysis, we identify three themes that emerged from the focus groups: (a) how privacy in the contemporary society affects privacy risk assessment; (b) current practices and procedures in privacy risk assessment; and (c) common issues and challenges. Based on these themes, we identify future research directions for privacy risk measurement. Our article can help to ground research on privacy risk measurement in practical challenges faced by privacy professionals.Item Open Access Changes in Conducting Data Protection Risk Assessment: Before and After GDPR implementation(arxiv, 2023-04-24) Zarrabi, Jorshari Fatemeh; Wagner, Isabel; Boiten, Eerke AlbertBased on Article 35 of the EU (European Union) General Data Protection Regu- lation, a Data Protection Impact Assessment (DPIA) is necessary whenever there is a possibility of a high privacy and data protection risk to individuals caused by a new project under development. A similar process to DPIA had been previously known as Privacy Impact Assessment (PIA). We are investigating here to find out if GDPR and DPIA specifically as its privacy risk assessment tool have resolved the challenges privacy practitioners were previously facing in implementing PIA. To do so, our methodology is based on comparison and thematic analysis on two sets of focus groups we held with privacy professionals back in January 2018 (four months before GDPR came into effect) and then in November 2019 (18 months after GDPR implementationItem Open Access Complementing Privacy and Utility Trade-Off with Self-Organising Maps(MDPI, 2021-08-17) Mohammed, Kabiru; Ayesh, Aladdin; Boiten, Eerke AlbertIn recent years, data-enabled technologies have intensified the rate and scale at which organisations collect and analyse data. Data mining techniques are applied to realise the full potential of large-scale data analysis. These techniques are highly efficient in sifting through big data to extract hidden knowledge and assist evidence-based decisions, offering significant benefits to their adopters. However, this capability is constrained by important legal, ethical and reputational concerns. These concerns arise because they can be exploited to allow inferences to be made on sensitive data, thus posing severe threats to individuals’ privacy. Studies have shown Privacy-Preserving Data Mining (PPDM) can adequately address this privacy risk and permit knowledge extraction in mining processes. Several published works in this area have utilised clustering techniques to enforce anonymisation models on private data, which work by grouping the data into clusters using a quality measure and generalising the data in each group separately to achieve an anonymisation threshold. However, existing approaches do not work well with high-dimensional data, since it is difficult to develop good groupings without incurring excessive information loss. Our work aims to complement this balancing act by optimising utility in PPDMprocesses. To illustrate this, we propose a hybrid approach, that combines self-organising maps with conventional privacy-based clustering algorithms. We demonstrate through experimental evaluation, that results from our approach produce more utility for data mining tasks and outperforms conventional privacy-based clustering algorithms. This approach can significantly enable large-scale analysis of data in a privacy-preserving and trustworthy manner.Item Open Access Critical infrastructure firms face crackdown over poor cybersecurity(The Conversation, 2018-01-30) Boiten, Eerke AlbertBut despite the UK's alarmist tone on the incoming NIS directive, it's not just about the hefty £17m fines.Item Open Access Cybersecurity in the Era of Digital Transformation: The case of Greece(IEEE, 2020-11-27) Maglaras, Leandros; Drivas, George; Chouliaras, Nestoras; Boiten, Eerke Albert; Lambrinoudakis, Costas; Ioannidis, SotirisThis article presents the cybersecurity progress in Greece since the creation of the Greek National Cyber Security Authority as nation-wide cybersecurity coordination and policy-making unit. During this period, Greece issued a Ministerial Decree that established the National Cyber Security Authority, issued the National Cybersecurity Strategy, transposed the NIS Directive to National Law, and issued a Ministerial Decree that helped establish a cybersecurity framework for the public sector and the critical infrastructures that reside in Greece. This structured effort led to the achievement of gaining the 1st position in the prestigious NCSI index for Greece, amongst 160 countries.Item Open Access Diversity and adjudication(Elsevier, 2015-10-21) Boiten, Eerke AlbertThis paper takes an axiomatic and calculational view of diversity (or "N-version programming"), where multiple implementations of the same specification are executed in parallel to increase dependability. The central notion is "adjudication": once we have multiple, potential different, outcomes, how do we come to a single result? Adjudication operators are explicitly defined and some general properties for these explored.Item Embargo GDPR-based Extortion is a Dangerous Myth(Incisive Business Media Limited, 2018-02-22) Boiten, Eerke AlbertExtortion via GDPR fines is not a realistic addition to the criminal repetoire.Item Open Access Google’s scrapping third-party cookies – but invasive targeted advertising will live on(The Conversation Trust, 2021-03-21) Boiten, Eerke AlbertItem Open Access A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom(MDPI, 2020) Aliyu, Aliyu; Maglaras, Leandros; He, Ying; Yevseyeva, Iryna; Cook, Allan; Janicke, Helge; Boiten, Eerke AlbertAs organisations are vulnerable to cyber attacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light web-based model that can be used as a cyber security assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security and privacy regulations and best practises that HEIs must be compliant to, and can be used as a self assessment or a cybersecurity audit tool.Item Open Access Intrusion Detection System for Platooning Connected Autonomous Vehicles(2019) Kosmanos, Dimitrios; Pappas, Apostolos; Aparicio-Navarro, Francisco J.; Maglaras, Leandros; Janicke, Helge; Boiten, Eerke Albert; Argyriou, AntoniosThe deployment of Connected Autonomous Vehicles (CAVs) in Vehicular Ad Hoc Networks (VANETs) requires secure wireless communication in order to ensure reliable connectivity and safety. However, this wireless communication is vulnerable to a variety of cyber atacks such as spoofing or jamming attacks. In this paper, we describe an Intrusion Detection System (IDS) based on Machine Learning (ML) techniques designed to detect both spoofing and jamming attacks in a CAV environment. The IDS would reduce the risk of traffic disruption and accident caused as a result of cyber-attacks. The detection engine of the presented IDS is based on the ML algorithms Random Forest (RF), k-Nearest Neighbour (k-NN) and One-Class Support Vector Machine (OCSVM), as well as data fusion techniques in a cross-layer approach. To the best of the authors’ knowledge, the proposed IDS is the first in literature that uses a cross-layer approach to detect both spoofing and jamming attacks against the communication of connected vehicles platooning. The evaluation results of the implemented IDS present a high accuracy of over 90% using training datasets containing both known and unknown attacks.Item Embargo Nearly £100m for Marriott, £138m for BA - what is the take home message from these sudden massive ICO fines?(Incisive Media, 2019-07-10) Boiten, Eerke AlbertItem Metadata only NHS caught out by WannaCry - now scrambling to catch up(Colourfield Publishing Limited, 2017-11) Boiten, Eerke Albert; Wall, David S.Inadequacies in NHS cyber security management came to light through the WannaCry ransomware attack, and are now slowly beimng addressed.Item Open Access NHS plan to share GP patient data postponed – but will new measures address concerns?(The Conversation Trust, 2021-07-27) Boiten, Eerke AlbertItem Open Access NHS vaccine passports are here – but will they be used beyond international travel?(The Conversation Trust, 2021-05-19) Boiten, Eerke AlbertItem Embargo An opinion on the UK’s Cyber Security Export Strategy(Cecile Park Media, 2018-06) Boiten, Eerke AlbertAs part of his ongoing efforts to ensure an economically viable post-Brexit Britain, Secretary of State for International Trade Liam Fox has recently released a new Cyber Security Export Strategy for the UK, targeting the period up to 2021. As the UK has experienced some eventful times since the previous strategy was released in early 2014, this was in principle a welcome move. However, the strategy lacks convincing substance on the technological side, and targets the wrong countries. Liam Fox apparently does not want to admit that the UK’s largest cyber security export market of all is seriously at risk for multiple reasons.Item Metadata only Our personal health history is too valuable to be harvested by the tech giants(The Observer, 2020-02-16) Boiten, Eerke AlbertItem Open Access Privacy Risk Assessment: From Art to Science, by Metrics(Springer, 2018-09-07) Wagner, Isabel; Boiten, Eerke AlbertPrivacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the “correct” risk level on e.g. a five-point scale. In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major research questions to take this approach further in a variety of application scenarios.Item Open Access Recognising Re-identification Attacks on Databases, by Interpreting them as SQL Queries: A Technical Study(2020-09-24) Ishola, Olabayo; Boiten, Eerke Albert; Ayesh, Aladdin; Albakri, AdhamThe more data sharing becomes prominent in the information age, the higher the risk of shared data being used in unexpected and undesirable ways. Data holders have employed anonymisation techniques as a means of data protection when they share a database. However, attackers can circumvent the protection or presumed protection offered by anonymisation, through re identi cation attacks. Datasets are where personal information live and SQL queries are the medium through which users interact with these datasets. This paper explores from a technical perspective, how the process (killchain) of executing a re-identi cation attack can be represented and recognised as a series of SQL queries. Using one of the best known re-identi cation attack cases as a scenario, this paper explores a method for recognising re-identi cation attack as SQL queries on a database.Item Metadata only Refinement: semantics, languages and applications(Springer Nature, 2018-10-01) Boiten, Eerke Albert; Derrick, J.Refinement is one of the cornerstones of a formal approach to software engineering. Refinement is all about turning an abstract description (of a soft or hardware system) into something closer to implementation. It provides that essential bridge between higher level requirements and an implementation of those requirements. This book provides a comprehensive introduction to refinement for the researcher or graduate student. It introduces refinement in different semantic models, and shows how refinement is defined and used within some of the major formal methods and languages in use today. It (1) introduces the reader to different ways of looking at refinement, relating refinement to observations(2) shows how these are realised in different semantic models (3) shows how different formal methods use different models of refinement, and (4) how these models of refinement are related.