Publications tagged with Risk analysis

Published:

Publications tagged with "Risk analysis"

  1. A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation
    Campanile, L., Iacono, M., Mastroianni, M., Riccio, C., & Viscardi, B. (2026). A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation [Conference paper]. Lecture Notes in Computer Science, 15893 LNCS, 303–316. https://doi.org/10.1007/978-3-031-97645-2_20
    Abstract
    Adapting or designing a system which operates on personal data in EU is impacted by the privacy-by-design and privacy-by-default principles because of the prescriptions of the GDPR. In this paper we propose an approach to decision making which is based on TOPSIS (Technique for Order Preference by Similarity to Ideal Solution). The approach is applied to a GDPR system compliance design process, based on a case study about system performance evaluation by means of queuing networks, but is absolutely general with respect to analogous problems, in which cost issues should be balanced with technical performances and risk exposure. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
    DOI Publisher Details
    Details
  2. A cyber warfare perspective on risks related to health IoT devices and contact tracing
    Bobbio, A., Campanile, L., Gribaudo, M., Iacono, M., Marulli, F., & Mastroianni, M. (2023). A cyber warfare perspective on risks related to health IoT devices and contact tracing [Article]. Neural Computing and Applications, 35(19), 13823–13837. https://doi.org/10.1007/s00521-021-06720-1
    Abstract
    The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.
    DOI Publisher Details
    Details
  3. Towards privacy-aware software design in small and medium enterprises
    Campanile, L., Iacono, M., & Mastroianni, M. (2022). Towards privacy-aware software design in small and medium enterprises. Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958
    Abstract
    The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted on the way in which software, systems and organizations should be designed or maintained to be compliant to rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a mean to lower operational privacy enforcement costs. © 2022 IEEE.
    DOI Publisher Details
    Details
  4. Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization
    Campanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1
    Abstract
    Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG.
    DOI Publisher Details
    Details

← Back to all publications