Metrics and methodologies for evaluating the privacy and security of information systems

Keywords: Metrics; Information systems security; Privacy; General Data Protection Regulation (GDPR); Privacy comparison methodology; Digital payments; Privacy standards; Machine learning; Privacy policy evaluation

Abstract
Users often find it hard to understand websites' data protection policies, particularly users without specialized expertise. Frequently they cannot pick out critical details or distinguish between different approaches. Developing mechanisms that clearly communicate potential risks and present this information in an accessible manner remains an open problem for researchers in this domain.
The primary aim of the doctoral thesis was to develop a framework for evaluating data protection policies that can be tailored to the specific characteristics of each examined category of website. The framework is structured around the principles of the General Data Protection Regulation (GDPR), a widely applied regulation for user privacy. Evaluating criteria within the policy text, such as readability and the inclusion of visual information, creates a consistent basis for comparison. In addition, a different weighting factor can be assigned to each criterion depending on the website category. For instance, where children's data or medical data are involved, the weighting factors of certain criteria may be modified and additional criteria incorporated as needed.
Our research found that there is currently no established procedure for the technical evaluation of websites with respect to their privacy measures. The second aim of the doctoral thesis was therefore to establish specific metrics for assessing and comparing the security and privacy level that websites offer. We collected the key technical aspects that influence data privacy during website use, together with the methods used to communicate with users. Minimum security requirements for data protection were then defined, and weighting factors for each metric were determined accordingly.
The overall objective is a comprehensive privacy evaluation framework for websites, built on metrics and methodologies designed to deliver complete information about the level of privacy protection offered. The framework combines the assessment of data protection policies with the assessment of technical implementations. Because the results are quantifiable, users can compare the privacy standards of several websites before using them.
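The abstract describes the framework only in outline: criteria scored from the policy text and from technical measurements, weighting factors that change with the website category, extra criteria for sensitive categories, minimum security requirements, and a quantifiable result that lets sites be compared. The following is an added illustrative model of that kind of scoring scheme, not the thesis's own criteria, weights or formula. Every criterion name, weight, category profile and site score below is a constructed assumption; in particular, treating a minimum requirement as a hard gate that outranks any weighted score is one possible reading of "minimum security requirements", not something the abstract specifies.

```python
"""Illustrative weighted privacy-scoring model (added example; the criteria,
weights and minimum thresholds are assumptions, not the thesis's values).

Each criterion is scored in [0, 1]. A category profile assigns a weight to every
criterion and may add criteria. A technical metric may carry a minimum requirement;
a site that misses it is flagged, and flagged sites rank below unflagged ones
regardless of their weighted score (an assumed gating rule)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Criterion:
    name: str
    weight: float
    minimum: Optional[float] = None  # hard floor for a technical metric, or None


# Hypothetical baseline profile mixing policy-text criteria and technical metrics.
BASELINE: Dict[str, Criterion] = {
    "readability": Criterion("readability", 2.0),
    "visual_information": Criterion("visual_information", 1.0),
    "retention_stated": Criterion("retention_stated", 2.0),
    "https_enforced": Criterion("https_enforced", 3.0, minimum=1.0),
    "third_party_trackers": Criterion("third_party_trackers", 2.0),
}


def profile_for(category: str) -> Dict[str, Criterion]:
    """Derive a category profile from the baseline. Children's and medical sites
    reweight some criteria and add ones the baseline lacks (assumed adjustments)."""
    profile = dict(BASELINE)
    if category == "children":
        profile["readability"] = Criterion("readability", 4.0)
        profile["age_verification"] = Criterion("age_verification", 3.0, minimum=0.5)
    elif category == "medical":
        profile["third_party_trackers"] = Criterion("third_party_trackers", 4.0, minimum=0.5)
        profile["special_category_consent"] = Criterion("special_category_consent", 3.0)
    return profile


def evaluate(scores: Dict[str, float], category: str = "general") -> Tuple[float, List[str]]:
    """Return (score normalized to [0, 100], names of unmet minimum requirements).
    A criterion absent from `scores` counts as 0: not assessed means no credit."""
    profile = profile_for(category)
    total_weight = sum(c.weight for c in profile.values())
    weighted = 0.0
    violations: List[str] = []
    for name, crit in profile.items():
        s = scores.get(name, 0.0)
        if not 0.0 <= s <= 1.0:
            raise ValueError(f"score for {name} must be in [0, 1], got {s}")
        if crit.minimum is not None and s < crit.minimum:
            violations.append(name)
        weighted += crit.weight * s
    return round(100.0 * weighted / total_weight, 1), violations


def rank(sites: Dict[str, Dict[str, float]], category: str = "general"):
    """Order sites for comparison: all minimums met first, then descending score."""
    results = {name: evaluate(sc, category) for name, sc in sites.items()}
    return sorted(results.items(), key=lambda kv: (len(kv[1][1]) > 0, -kv[1][0]))


# Constructed sample input: two fictitious sites with made-up per-criterion scores.
SAMPLE_SITES = {
    "site_a": {"readability": 0.8, "visual_information": 1.0, "retention_stated": 1.0,
               "https_enforced": 1.0, "third_party_trackers": 0.5},
    # Scores higher overall but does not enforce HTTPS on every page.
    "site_c": {"readability": 1.0, "visual_information": 1.0, "retention_stated": 1.0,
               "https_enforced": 0.9, "third_party_trackers": 1.0},
}

if __name__ == "__main__":
    for name, (score, flags) in rank(SAMPLE_SITES):
        print(f"{name}: {score} unmet minimums={flags}")
    print("site_a as children's site:", evaluate(SAMPLE_SITES["site_a"], "children"))
```

Running it shows why the gate matters: site_c has the higher weighted score but is ranked below site_a because it misses the HTTPS minimum, and re-evaluating site_a under the children's profile flags the missing age-verification criterion and lowers its score, which is the category-dependent behaviour the abstract describes.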
In the subsequent sections of the doctoral thesis, we examined technologies proposed for the implementation of digital payment methods. The selection of an appropriate technological foundation for each model plays a critical role in ensuring user privacy protection. The growing prevalence of electronic payments, alongside the anticipated adoption of digital currencies (such as the Digital Euro) by Central Banks, introduces new challenges in safeguarding user privacy. Our research presents an evaluation model for these technologies, tailored to address the specific requirements inherent in developing digital payment systems.
Finally, we outlined the principal international privacy protection standards in order to map their respective requirements, organizational practices and procedures. Using the General Data Protection Regulation as the reference framework, we established the correspondence between each standard and the GDPR in both organizational practices and procedural aspects.