A Data-Driven Security Risk Assessment Scheme for Personal Data Protection
To protect collected personal data, current data protection laws and regulations usually request organizations that accumulate and use personal data to adopt reasonable security safeguards. In this case, risk assessment approaches enable organizations to specify security controls as appropriate risk...
Main Authors: | Shi-Cho Cha, Kuo-Hui Yeh |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2018-01-01 |
Series: | IEEE Access |
Subjects: | Personal data protection; privacy; security; risk assessment; RFID |
Online Access: | https://ieeexplore.ieee.org/document/8454722/ |
_version_ | 1818871899803877376 |
---|---|
author | Shi-Cho Cha; Kuo-Hui Yeh |
author_facet | Shi-Cho Cha; Kuo-Hui Yeh |
author_sort | Shi-Cho Cha |
collection | DOAJ |
description | To protect collected personal data, current data protection laws and regulations usually request organizations that accumulate and use personal data to adopt reasonable security safeguards. In this case, risk assessment approaches enable organizations to specify security controls as appropriate risks to their personal data. This paper proposes a data-driven risk assessment approach for personal data protection. In the proposed approach, an organization can model flows of collected personal data using extended data flow diagrams. In addition to recognizing scenarios of personal data collection and usage, the organization can identify components used to process, store, and transmit data. Based on associated components for further risk evaluation, the organization can identify potential incidents to each personal data. Compared to a traditional asset-oriented risk assessment approach, the proposed method diminishes risks to assets associated with sensitive personal data. In addition, compared to a process-oriented risk assessment approach, our approach prevents organizations from overlooking risks to sensitive data that are not used in critical business processes. While the proposed approach can improve the risk assessment accuracy of personal data protection, the study may hopefully help organizations adopt more appropriate security safeguards to protect personal data. |
first_indexed | 2024-12-19T12:30:15Z |
format | Article |
id | doaj.art-bb2f8659f9cd4cd997d61b11ac84a0d8 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-19T12:30:15Z |
publishDate | 2018-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-bb2f8659f9cd4cd997d61b11ac84a0d8; 2022-12-21T20:21:25Z; eng; IEEE; IEEE Access; 2169-3536; 2018-01-01; 6; 50510; 50517; 10.1109/ACCESS.2018.2868726; 8454722; A Data-Driven Security Risk Assessment Scheme for Personal Data Protection; Shi-Cho Cha 0; Kuo-Hui Yeh 1; https://orcid.org/0000-0003-0598-761X; Department of Information Management, National Taiwan University of Science and Technology, Taipei, Taiwan; Department of Information Management, National Dong Hwa University, Hualien, Taiwan; https://ieeexplore.ieee.org/document/8454722/; Personal data protection; privacy; security; risk assessment; RFID |
title | A Data-Driven Security Risk Assessment Scheme for Personal Data Protection |
topic | Personal data protection; privacy; security; risk assessment; RFID |
url | https://ieeexplore.ieee.org/document/8454722/ |