Open Access

Pokémon Go is one of the most successful mobile games of all time. Millions played and still play this mobile augmented reality (AR) application, although severe privacy issues are pervasive in the app due to its use of several sensors such as location data and camera. In general, individuals regularly use online services and mobile apps although they might know that the use is associated with high privacy risks. This seemingly contradictory behavior of users is analyzed from a variety of different perspectives in the information systems domain. One of these perspectives evaluates privacy-related decision making processes based on concepts from behavioral economics. We follow this line of work by empirically testing one exemplary extraneous factor within the “enhanced APCO model” (antecedents–privacy concerns–outcome). Specific empirical tests on such biases are rare in the literature which is why we propose and empirically analyze the extraneous influence of a positivity bias. In our case, we hypothesize that the bias is induced by childhood brand nostalgia towards the Pokémon franchise. We analyze our proposition in the context of an online survey with 418 active players of the game. Our results indicate that childhood brand nostalgia influences the privacy calculus by exerting a large effect on the benefits within the trade-off and, therefore, causing a higher use frequency. Our work shows two important implications. First, the behavioral economics perspective on privacy provides additional insights relative to previous research. However, the effects of several other biases and heuristics have to be tested in future work. Second, relying on nostalgia represents an important, but also double-edged, instrument for practitioners to market new services and applications.

Security has become one of the primary factors that cloud customers consider when they select a cloud provider for migrating their data and applications into the Cloud. To this end, the Cloud Security Alliance (CSA) has provided the Consensus Assessment Questionnaire (CAIQ), which consists of a set of questions that providers should answer to document which security controls their cloud offerings support. In this paper, we adopted an empirical approach to investigate whether the CAIQ facilitates the comparison and ranking of the security offered by competitive cloud providers. We conducted an empirical study to investigate if comparing and ranking the security posture of a cloud provider based on CAIQ’s answers is feasible in practice. Since the study revealed that manually comparing and ranking cloud providers based on the CAIQ is too time-consuming, we designed an approach that semi-automates the selection of cloud providers based on CAIQ. The approach uses the providers’ answers to the CAIQ to assign a value to the different security capabilities of cloud providers. Tenants have to prioritize their security requirements. With that input, our approach uses an Analytical Hierarchy Process (AHP) to rank the providers’ security based on their capabilities and the tenants’ requirements. Our implementation shows that this approach is computationally feasible and once the providers’ answers to the CAIQ are assessed, they can be used for multiple CSP selections. To the best of our knowledge this is the first approach for cloud provider selection that provides a way to assess the security posture of a cloud provider in practice.

In order to address security and privacy problems in practice, it is very important to have a solid elicitation of requirements, before trying to address the problem. In this thesis, specific challenges of the areas of social engineering, security management and privacy enhancing technologies are analyzed: Social Engineering: An overview of existing tools usable for social engineering is provided and defenses against social engineering are analyzed. Serious games are proposed as a more pleasant way to raise employees’ awareness and to train them. Security Management: Specific requirements for small and medium sized energy providers are analyzed and a set of tools to support them in assessing security risks and improving their security is proposed. Larger enterprises are supported by a method to collect security key performance indicators for different subsidiaries and with a risk assessment method for apps on mobile devices. Furthermore, a method to select a secure cloud provider – the currently most popular form of outsourcing – is provided. Privacy Enhancing Technologies: Relevant factors for the users’ adoption of privacy enhancing technologies are identified and economic incentives and hindrances for companies are discussed. Privacy by design is applied to integrate privacy into the use cases e-commerce and internet of things.

This paper provides an assessment framework for privacy policies of Internet of Things Services which is based on particular GDPR requirements. The objective of the framework is to serve as supportive tool for users to take privacy-related informed decisions. For example when buying a new fitness tracker, users could compare different models in respect to privacy friendliness or more particular aspects of the framework such as if data is given to a third party. The framework consists of 16 parameters with one to four yes-or-no-questions each and allows the users to bring in their own weights for the different parameters. We assessed 110 devices which had 94 different policies. Furthermore, we did a legal assessment for the parameters to deal with the case that there is no statement at all regarding a certain parameter. The results of this comparative study show that most of the examined privacy policies of IoT devices/services are insufficient to address particular GDPR requirements and beyond. We also found a correlation between the length of the policy and the privacy transparency score, respectively.

Background: Recognizing patients at risk for pulmonary complications (PC) is of high clinical relevance. Migration of polymorphonuclear leukocytes (PMN) to inflammatory sites plays an important role in PC, and is tightly regulated by specific chemokines including interleukin (IL)−8 and other mediators such as leukotriene (LT)B4. Previously, we have reported that LTB4 indicated early patients at risk for PC after trauma. Here, the relevance of LTB4 to indicating lung integrity in a newly established long-term porcine severe trauma model (polytrauma, PT) was explored. Methods: mTwelve pigs (3 months old, 30 ± 5 kg) underwent PT including standardized femur fracture, lung contusion, liver laceration, hemorrhagic shock, subsequent resuscitation and surgical fracture fixation. Six animals served as controls (sham). After 72 h lung damage and inflammatory changes were assessed. LTB4 was determined in plasma before the experiment, immediately after trauma, and after 2, 4, 24 or 72 h. Bronchoalveolar lavage (BAL)-fluid was collected prior and after the experiment. Results: Lung injury, local gene expression of IL-8, IL-1β, IL-10, IL-18 and PMN-infiltration into lungs increased significantly in PT compared with sham. Systemic LTB4 increased markedly in both groups 4 h after trauma. Compared with declined plasma LTB4 levels in sham, LTB4 increased further in PT after 72 h. Similar increase was observed in BAL-fluid after PT. Conclusions: In a severe trauma model, sustained changes in terms of lung injury and inflammation are determined at day 3 post-trauma. Specifically, increased LTB4 in this porcine long-term model indicated a rapid inflammatory alteration both locally and systemically. The results support the concept of LTB4 as a biomarker for PC after severe trauma and lung contusion.