
UBITECH’s paper on automated privacy and security risk assessment published in the MDPI Future Internet online journal

The paper entitled “A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly” has been accepted and published online in the Special Issue “Information and Future Internet Security, Trust and Privacy” of Future Internet (ISSN 1999-5903), an open access journal published monthly online by MDPI. UBITECH’s Digital Security and Trusted Computing research group proposes the APSIA methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA uses interdependency graph models and data processing flows to create a digital reflection of an organisation’s cyber-physical environment. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the organisation’s ICT infrastructure.

Our team provides a prototype implementation and demonstrates its applicability and efficacy through a specific case study in a heavily regulated sector (i.e., the assistive healthcare domain), where strict security and privacy considerations are not only expected but mandated, so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based risk assessment (RA) tool and provide the means to conduct an enhanced, dynamic and generic assessment on-the-fly, as an integral part of an iterative and unified risk assessment process. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.

For the full article, please visit (open access): https://www.mdpi.com/1999-5903/13/2/30