A data-driven security risk assessment scheme for personal data protection

Shi Cho Cha, Kuo Hui Yeh*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

21 Scopus citations

Abstract

To protect collected personal data, current data protection laws and regulations usually require organizations that accumulate and use personal data to adopt reasonable security safeguards. In this setting, risk assessment approaches enable organizations to select security controls appropriate to the risks to their personal data. This paper proposes a data-driven risk assessment approach for personal data protection. In the proposed approach, an organization models the flows of collected personal data using extended data flow diagrams. In addition to recognizing the scenarios in which personal data are collected and used, the organization identifies the components used to process, store, and transmit the data. Based on the components associated with each item of personal data, the organization can then identify the potential incidents affecting that item for further risk evaluation. Compared to a traditional asset-oriented risk assessment approach, the proposed method diminishes risks to assets associated with sensitive personal data. Compared to a process-oriented risk assessment approach, our approach prevents organizations from overlooking risks to sensitive data that are not used in critical business processes. Since the proposed approach improves the accuracy of risk assessment for personal data protection, we hope the study helps organizations adopt more appropriate security safeguards to protect personal data.
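The following is an added illustration of the idea described in the abstract, not code from the paper: personal data items are traced through a constructed data flow diagram to the components that handle them, incidents are derived per data item from the components, and the result is compared with a process-oriented view that only considers critical business processes. All component names, incident names, sensitivity levels and the scoring rule are constructed assumptions for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    data: str      # personal data item carried by this flow
    src: str       # component the data leaves
    dst: str       # component the data enters
    process: str   # business process the flow belongs to

# Constructed sample: sensitivity 1 (low) .. 3 (high), one critical process.
SENSITIVITY = {"health_record": 3, "email": 1, "order_history": 1}
CRITICAL_PROCESSES = {"order_fulfilment"}
FLOWS = [
    Flow("email", "web_form", "crm_db", "order_fulfilment"),
    Flow("order_history", "crm_db", "analytics", "order_fulfilment"),
    Flow("health_record", "hr_portal", "hr_db", "wellness_survey"),
]
# Constructed mapping: which potential incidents each component is exposed to.
COMPONENT_INCIDENTS = {
    "web_form": {"input_injection"},
    "crm_db": {"sql_injection", "backup_theft"},
    "analytics": {"export_leak"},
    "hr_portal": {"credential_phishing"},
    "hr_db": {"backup_theft"},
}

def components_per_data(flows):
    """Map each personal data item to every component that handles it."""
    out = {}
    for f in flows:
        out.setdefault(f.data, set()).update({f.src, f.dst})
    return out

def incidents_per_data(flows, component_incidents):
    """Derive the potential incidents for each data item from its components."""
    return {d: set().union(*(component_incidents.get(c, set()) for c in comps))
            for d, comps in components_per_data(flows).items()}

def risk_ranking(flows, component_incidents, sensitivity):
    """Assumed scoring rule: sensitivity times number of distinct incidents."""
    scores = {d: sensitivity[d] * len(inc)
              for d, inc in incidents_per_data(flows, component_incidents).items()}
    return sorted(scores.items(), key=lambda kv: -kv[1])

def overlooked_by_process_view(flows, critical, sensitivity, threshold=2):
    """Sensitive data items a process-oriented assessment would never examine."""
    covered = {f.data for f in flows if f.process in critical}
    return {d for d, s in sensitivity.items() if s >= threshold and d not in covered}
```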

Original language: English
Article number: 8454722
Pages (from-to): 50510-50517
Number of pages: 8
Journal: IEEE Access
Volume: 6
DOIs
State: Published - 4 Sep 2018

Keywords

  • Personal data protection
  • Privacy
  • RFID
  • Risk assessment
  • Security
