
A Model Enabling Law Compliant Privacy Protection through the Selection and Evaluation of Appropriate Security Controls

  • Conference paper
Infrastructure Security (InfraSec 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2437)

Abstract

The broad adoption of, and increasing reliance on, computing and communication systems in application domains such as health services, insurance, telecommunication and direct marketing lead to the creation, collection and processing of enormous amounts of personal data. Responding to this development, international bodies, the European Union and various countries have established personal data protection laws and Authorities to regulate and control their application. The legal framework requires that appropriate security measures be taken, which may differ from those specified by data controllers based on their business needs, since personal data are assets with possibly different values for the data subjects and the controllers. In this paper, we propose a security controls selection model that supports data controllers in their effort to methodologically choose security measures compliant with the privacy protection laws in force. We also propose a process to assess (methodologically) the privacy protection requirements according to the related legal provisions and the selected and implemented security controls.

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Siougle, E.S., Zorkadis, V.C. (2002). A Model Enabling Law Compliant Privacy Protection through the Selection and Evaluation of Appropriate Security Controls. In: Davida, G., Frankel, Y., Rees, O. (eds) Infrastructure Security. InfraSec 2002. Lecture Notes in Computer Science, vol 2437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45831-X_8

  • DOI: https://doi.org/10.1007/3-540-45831-X_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44309-4

  • Online ISBN: 978-3-540-45831-9

  • eBook Packages: Springer Book Archive
