Refine
Year of publication
- 2020 (2) (remove)
Document Type
- Article (1)
- Habilitation (1)
Language
- English (2)
Has Fulltext
- yes (2)
Is part of the Bibliography
- no (2)
Keywords
- privacy (2) (remove)
Institute
In order to address security and privacy problems in practice, it is very important to have a solid elicitation of requirements, before trying to address the problem. In this thesis, specific challenges of the areas of social engineering, security management and privacy enhancing technologies are analyzed:
Social Engineering: An overview of existing tools usable for social engineering is provided and defenses against social engineering are analyzed. Serious games are proposed as a more pleasant way to raise employees’ awareness and to train them.
Security Management: Specific requirements for small and medium sized energy providers are analyzed and a set of tools to support them in assessing security risks and improving their security is proposed. Larger enterprises are supported by a method to collect security key performance indicators for different subsidiaries and with a risk assessment method for apps on mobile devices. Furthermore, a method to select a secure cloud provider – the currently most popular form of outsourcing – is provided.
Privacy Enhancing Technologies: Relevant factors for the users’ adoption of privacy enhancing technologies are identified and economic incentives and hindrances for companies are discussed. Privacy by design is applied to integrate privacy into the use cases e-commerce and internet of things.
In the recent decades, privacy scholarship has made significant progress. Most of it was achieved in monodisciplinary works. However, privacy has a deeply interdisciplinary nature. Most importantly, societies as well as individuals experience privacy as being influenced by legal, technical, and social norms and structures. In this article, we hence attempt to connect insights of different academic disciplines into a joint model, an Interdisciplinary Privacy and Communication Model. The model differentiates four different elements: communication context, protection needs, threat and risk analysis, as well as protection enforcement. On the one hand, with this model, we aim to describe how privacy unfolds. On the other hand, the model also prescribes how privacy can be furnished and regulated. As such, the model contributes to a general understanding of privacy as a theoretical guide and offers a practical basis to address new challenges of the digital age.