A data-driven security risk assessment scheme for personal data protection

Shi Cho Cha, Kuo Hui Yeh*

*Corresponding author for this work

Research output: Article, peer-reviewed

21 citations (Scopus)

Abstract

To protect collected personal data, current data protection laws and regulations usually request organizations that accumulate and use personal data to adopt reasonable security safeguards. In this case, risk assessment approaches enable organizations to specify security controls as appropriate risks to their personal data. This paper proposes a data-driven risk assessment approach for personal data protection. In the proposed approach, an organization can model flows of collected personal data using extended data flow diagrams. In addition to recognizing scenarios of personal data collection and usage, the organization can identify components used to process, store, and transmit data. Based on associated components for further risk evaluation, the organization can identify potential incidents to each personal data. Compared to a traditional asset-oriented risk assessment approach, the proposed method diminishes risks to assets associated with sensitive personal data. In addition, compared to a process-oriented risk assessment approach, our approach prevents organizations from overlooking risks to sensitive data that are not used in critical business processes. While the proposed approach can improve the risk assessment accuracy of personal data protection, the study may hopefully help organizations adopt more appropriate security safeguards to protect personal data.

Original language: English
Article number: 8454722
Pages (from-to): 50510-50517
Number of pages: 8
Journal: IEEE Access
Volume: 6
Publication status: Published - 4 Sep 2018
