July 2024
·
3 Reads
February 2024
·
424 Reads
·
13 Citations
IEEE Access
Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices.
January 2024
·
8 Reads
Privacy Impact Assessments (PIAs), also known as Data Protection Impact Assessments (DPIAs) under the European General Data Protection Regulation (EU GDPR), and Privacy Risk Assessments (PRAs) have emerged as prominent privacy engineering methodologies, aiding developers to systematically identify privacy risk sources and assign appropriate controls. As part of such methodologies, the concept of privacy harms has been proposed as a valuable, well-structured taxonomy or typology that contributes to the rationalization and justification of assessment decisions made by practitioners. Although some PRA methodologies have integrated privacy harms into their methods, the evidence that such inclusions improve the assessors' decision-making process results remains incipient. This study aims to understand whether adhering to and integrating privacy harm concepts can enhance the PRA outcomes by investigating PIA/DPIA and PRA practitioners' perspectives on practical operationalization aspects. A qualitative approach based on semi-structured interviews, including a workable PRA exercise, was used to elicit the practitioners' opinions and experiences concerning the use of privacy harms, with the data interpretation process following a reflexive thematic analysis. In total, 17 privacy practitioners were interviewed, allowing for an extensive range of positive (e.g., informative and educational, etc.) and negative opinions (e.g., misleading, too broad, etc.) on the practical inclusion and operationalization of privacy harms in PRA methodologies and the conceptualization of privacy harms when conducting assessments. The results indicate a lack of a standardized concept of privacy harm, as differing definitions have been provided. Participants also highlighted that privacy harms are highly context-dependent and vary based on the data subject and hence could result in difficulty in quantifying. Nevertheless, privacy harms are a critical addition to PIA/DPIA and PRA methodologies, supporting more rationalized and justifiable decisions when ascertaining risk and severity levels and implementing mitigating controls to prevent the materialization of harm. Yet, some prioritization of harm categories is advisable so that time and resources for assessment are efficiently allocated.
July 2023
·
60 Reads
·
9 Citations
International Journal of Medical Informatics
Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users' needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner's preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project's Randomised Control Trial, which is already ongoing.
February 2023
·
333 Reads
·
17 Citations
Communications in Computer and Information Science
Artificial intelligence (AI) and machine learning (ML) methods are increasingly adopted in cyberattacks. AI supports the establishment of covert channels, as well as the obfuscation of malware. Additionally, AI results in new forms of phishing attacks and enables hard-to-detect cyber-physical sabotage. Malware creators increasingly deploy AI and ML methods to improve their attack’s capabilities. Defenders must therefore expect unconventional malware with new, sophisticated and changing features and functions. AI’s potential for automation of complex tasks serves as a challenge in the face of defensive deployment of anti-malware AI techniques. This article summarizes the state of the art in AI-enhanced malware and the evasion and attack techniques it uses against AI-supported defensive systems. Our findings include articles describing targeted attacks against AI detection functions, advanced payload obfuscation techniques, evasion of networked communication with AI methods, malware for unsupervised-learning-based cyber-physical sabotage, decentralized botnet control using swarm intelligence and the concealment of malware payloads within neural networks that fulfill other purposes.
January 2023
·
87 Reads
Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: The entire app development process is presented, describing the app’s conceptualisation, requirement analysis, design, development, user and security testing. Experiences are shared about the development, such as the creation of the project’s expert group, the importance of involving multidisciplinary stakeholders, and the importance of evidence-based research for generating digital health technologies. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users’ needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner’s preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project’s Randomised Control Trial, which is already ongoing.
November 2022
·
24 Reads
Technological advancements allow biometric applications to be more omnipresent than in any other time before. This paper argues that in the current EU data protection regulation, classification applications using biometric data receive less protection compared to biometric recognition. We analyse preconditions in the regulatory language and explore how this has the potential to be the source of unique privacy risks for processing operations classifying individuals based on soft traits like emotions. This can have high impact on personal freedoms and human rights and therefore, should be subject to data protection impact assessment.
October 2022
·
1,754 Reads
·
13 Citations
Cybersecurity currently focuses primarily on defenses that detect and prevent cyber-attacks. However, it is more important to regularly verify an organization’s security posture to reinforce its cybersecurity defenses as the IT environment becomes more complex and competitive. Confronted with an increasing use of artificial intelligence (AI) in cyber attacks, attack simulation platforms need to allow software vulnerabilities to be found against AI-powered attacks too. Such simulators will enable defenders to maintain a basic safety level and gain control over their security posture. Gradually, we are moving towards smart and autonomous platforms. This paper reviews established cyberattack simulation scientific research techniques with the goal of presenting a selection of tools and platforms that minimize the biases and inaccuracies inherent in traditional, isolated ad hoc research on AI-powered cyberattacks.
August 2022
·
385 Reads
·
7 Citations
What harms and consequences do patients experience after a medical data breach? This article aims at the improvement of privacy impact analysis for data breaches that involve personal medical data. The article has two major findings. First, scientific literature does not mention consequences and harms to the data subjects when discussing data breaches in the healthcare sector. For conceptualizing actual documented harm, we had to search court rulings and popular press articles instead. We present the findings of our search for empirically founded harms in the first part of the article. Second, we present a modified PRIAM assessment method with the goal of better assessment of harms and consequences of such data breaches for the patient/employee data subject in healthcare. We split the risk assessment into parallel categories of assessment rather than calculating a single risk score. In addition, we quantify the original PRIAM categories into a calculus for risk assessment. The article presents our modified PRIAM which is the result of these modifications. Our overall contribution is the collection of actual harms and consequences of e-health data breaches that complement the overly theoretical discussion in publications. With our operationalization of PRIAM and by providing a catalog of real harms examples, we focus privacy impact assessment on actual harms to persons.
February 2022
·
60 Reads
·
5 Citations
... Existing auditing scenarios for DP suffer from the limitation that they provide narrow estimates under implausible worst-case assumptions and that they require thousands or millions of training runs to produce non-trivial statistical estimates of privacy leakage [43]. Third, if we are unable to rigorously prove how private our model is, then auditing provides a heuristic measure of how private it is [44]. ...
February 2024
IEEE Access
... In a study to promote adherence to medication for breast cancer patients, Singh et al. designed a mobile application using the agile approach with various methods like focus group discussion, interview, and survey [106]. Iwaya et al. leveraged the Agile approach and combined it with other techniques that allowed the possibility of implementing a design sprint cycle to provide regular feedback to the stakeholders [47]. ...
July 2023
International Journal of Medical Informatics
... Some studies highlighted the development of more sophisticated deep learning models that can analyze not just the content of emails but also their metadata and sending patterns. Additionally, the integration of AI with other cybersecurity measures, such as user behavior analytics and threat intelligence systems, is gaining traction [30]. These integrations allow for a more holistic approach to spear phishing defense, increasing the overall effectiveness of AI systems. ...
February 2023
Communications in Computer and Information Science
... Furthermore, according to [7], the number of attacks on CPSs is increasing due to the information technology environment being more complex and rapidly evolving. Therefore, development of CPSs raises new concerns regarding the security and protection of control systems, such as prevention and resilience against cyberattacks [8]. ...
October 2022
... As virtual care becomes increasingly integral to healthcare delivery, its expanded accessibility introduces heightened risks, attracting cybercriminals seeking unauthorized access [20]. As a result, violations related to PHI have become increasingly prevalent [21]. This significantly raises concerns related to data security, privacy, and regulatory compliance, necessitating a well-defined threat model to anticipate and mitigate potential security risks in virtual healthcare environments. ...
August 2022
... Jaber et al. [26] used a grey wolf optimizer to select the proper features for phishing classification. Results show a classification rate of 97.49%. ...
February 2022
... Pre-Birth: Pre-birth origins of allergy and asthma, and other problems have been identified [27] [28]. Pre-birth Stress management has been evaluated using wristbands on mother [29]. The effects of pre-birth happenings are stored in the developing brain of the fetus for stage 1. ...
January 2022
Lecture Notes of the Institute for Computer Sciences
... This trend was exemplified when cyber incidents in July 2023 disrupted over 5,000 government services for 48 hours, impacting Kenya's digital financial ecosystem, including key platforms like eCitizen (Kabui & Omondi, 2023). The COVID-19 pandemic's digital acceleration heightened cybersecurity concerns, with a surge in remote work creating opportunities for cybercriminals (Jaber et al., 2021). Kenya faces significant cybersecurity challenges, with the Communications Authority of Kenya (CAK) reporting over 7.7 million attacks since 2017, targeting critical information infrastructure and essential government services (Africanews, 2023). ...
November 2021
... Despite protections such as these, many ethical questions about the processing of different forms of biometric data remain unclear. For example, scholars have raised questions about whether biometric data that is not used for identification (such as for measuring emotional reactions) [14], images of biometric characteristics [163] and unprocessed biometric data [45] are actually afforded special protections under the GDPR, and point out that "broad exceptions and overall vagueness of the law leaves the door open for specifically risky uses of biometric data" ([45], see also [71]). Furthermore, as the GDPR is an EU regulation, it may not apply to biometric data collection that occurs outside of Europe. ...
September 2021
... A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps (Hatamian et al., 2021) 2021 ...
May 2021
Empirical Software Engineering