The Experts below are selected from a list of 2976 Experts worldwide ranked by ideXlab platform
A.j. Burns - One of the best experts on this subject based on the ideXlab platform.
-
Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA
European Journal of Information Systems, 2017Co-Authors: Clay Posey, Uzma Raja, Robert E. Crossler, A.j. BurnsAbstract:Many organisations create, store, or purchase information that links individuals’ identities to other data. Termed personally identifiable information (PII), this information has become the lifeblood of many firms across the globe. As organisations accumulate their constituencies’ PII (e.g. customers’, students’, patients’, and employees’ data), individuals’ privacy will depend on the adequacy of organisations’ information privacy safeguards. Despite existing protections, many breaches still occur. For example, US organisations reported around 4,500 PII-breach events between 2005 and 2015. With such a high number of breaches, determining all threats to PII within organisations proves a burdensome task. In light of this difficulty, we utilise text-mining and cluster analysis techniques to create a taxonomy of various organisational PII breaches, which will help drive targeted research towards organisational PII protection. From an organisational systematics perspective, our classification system provides a foundation to explain the diversity among the myriad of threats. We identify eight major PII-breach types and provide initial literature reviews for each type of breach. We detail how US organisations differ regarding their exposure to these breaches, as well as how the level of severity (i.e. number of records affected) differs among these PII breaches. Finally, we offer several paths for future research.
-
Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA
European Journal of Information Systems, 2017Co-Authors: Clay Posey, Uzma Raja, Robert E. Crossler, A.j. BurnsAbstract:Many organisations create, store, or purchase information that links individuals’ identities to other data. Termed personally identifiable information (PII), this information has become the lifeblo...
K. Suzanne Barber - One of the best experts on this subject based on the ideXlab platform.
-
TPS-ISA - Is Your Phone You? How Privacy Policies of Mobile Apps Allow the Use of Your personally identifiable information
2020 Second IEEE International Conference on Trust Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2020Co-Authors: Kai Chih Chang, Razieh Nokhbeh Zaeem, K. Suzanne BarberAbstract:People continue to store their sensitive information in their smart-phone applications. Users seldom read an app’s privacy policy to see how their information is being collected, used, and shared. In this paper, using a reference list of over 600 personally identifiable information (PII) attributes, we investigate the privacy policies of 100 popular health and fitness mobile applications in both Android and iOS app markets to find the set of personal information these apps collect, use and share. The reference list of PII was independently built from a longitudinal study at The University of Texas investigating thousands of identity theft and fraud cases where PII attributes and associated value and risks were empirically quantified. This research leverages the reference PII list to identify and analyze the value of personal information collected by the mobile apps and the risk of disclosing this information. We found that the set of PII collected by these mobile apps covers 35% of the entire reference set of PII and, due to dependencies between PII attributes, these mobile apps have a likelihood of indirectly impacting 70% of the reference PII if breached. For a specific app, we discovered the monetary loss could reach $1M if the set of sensitive data it collects is breached. We finally utilize Bayesian inference to measure risks of a set of PII gathered by apps: the probability that fraudsters can discover, impersonate and cause harm to the user by misusing only the PII the mobile apps collected.
-
ICCST - US-Centric vs. International personally identifiable information: A Comparison Using the UT CID Identity Ecosystem
2018 International Carnahan Conference on Security Technology (ICCST), 2018Co-Authors: Rima Rana, Razieh Nokhbeh Zaeem, K. Suzanne BarberAbstract:personally identifiable information (PII) refers to any information that can be used to trace or identify an individual. A Javelin Strategy and Research Report stated that PII misuse and fraud hits record high with 15.4 million US victims in 2016, about 16% more than the previous year. A comprehensive analysis of PII attributes and their relationships is necessary to protect users from identity theft. However, identity theft and fraud are not just a US problem. According to a new report from Risk Based Security, in 2016, there were 4,149 confirmed breaches exposing more than 4.2 billion records globally. That is approximately 3.2 billion more records than were exposed in 2013, the previous all-time high. In this paper, we extend the mathematical representation and implementation model of the UT CID Identity Ecosystem representing PII attributes and relationships to incorporate international PII. Previously, the UT CID Identity Ecosystem model has been primarily populated using data about US theft and fraud cases to include PII attributes used to transact crime as well as accidental exposure of PII attributes. Statistics are also calculated and associated with respective PII attributes such as the frequency of exposure occurrences for respective PII attributes, monetization value of PII (i.e. financial consequences of the crime), and strength of relationships between PII attributes. This research describes how the content of the UT CID Identity Ecosystem and resulting analysis change when PII attributes from international identity theft and fraud cases are incorporated. Not only are the PII attributes different in an international UT CID Identity Ecosystem, the relationships between PII attributes change, the monetization value of PII attributes change, and the risk of exposure change when worldwide identity theft and fraud cases are considered.
-
A study of web privacy policies across industries
Journal of Information Privacy and Security, 2017Co-Authors: Razieh Nokhbeh Zaeem, K. Suzanne BarberAbstract:Today, more than ever, companies collect their customers’ personally identifiable information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ priva...
-
EISIC - Risk Kit: Highlighting Vulnerable Identity Assets for Specific Age Groups
2016 European Intelligence and Security Informatics Conference (EISIC), 2016Co-Authors: Razieh Nokhbeh Zaeem, Monisha Manoharan, K. Suzanne BarberAbstract:Identity theft is perhaps the defining crime of the information age. Identity theft threatens various demographics, but some age groups, e.g., senior citizens, are particularly vulnerable. In this paper, we study how identity theft puts different personally identifiable information (PII) assets at risk of exposure, and how this risk changes throughout one's lifecycle. We categorize PII assets, introducing a fourth novel category, measure their exposure risk using the Identity Theft Assessment and Prediction (ITAP) repository of over 3,000 identity theft cases, and track the risk change throughout an individual's lifecycle. We introduce the concept of PII Balance Sheets, and finally, we present a free publicly available Android app that demonstrates our research results. This app not only educates individuals and highlights their vulnerable identity assets, but also is useful when they make the decision of whether or not to share their personally identifiable information.
Guan Mengyuan - One of the best experts on this subject based on the ideXlab platform.
-
crowdsourcing leakage of personally identifiable information via sina microblog
International Conference on Internet of Vehicles, 2014Co-Authors: Zhan Shaobin, Shi Guangjun, Guan MengyuanAbstract:Since Edward Snowden’s leaks about the scale and scope of US electronic surveillance, it has become apparent that security services are just as fascinating as what they might learn from our data exhaust. At the time, cybercrime is becoming a global threat now. Cybercriminals may engage in criminal activities with personal privacy data from microblog. Identity theft is probably an example. In this paper we examine the characteristics of privacy leakage in microblog and its potential threats to the Internet community. Research found that a large number of privacy information in social network space was leaked unintentionally. Users often share too much significant personal information. Our study found that the accumulated privacy information may bring huge spam into Internet space. We examined over 20 million nodes profile information and extracted the name, location, gender, and email from these nodes profiles. After basic analysis and processing, we shown that all these personal information is enough to launch spam storm or other criminal activities. The result suggests that each node in the microblog should protect its privacy information carefully.
-
IOV - Crowdsourcing Leakage of personally identifiable information via Sina Microblog
Lecture Notes in Computer Science, 2014Co-Authors: Zhan Shaobin, Shi Guangjun, Guan MengyuanAbstract:Since Edward Snowden’s leaks about the scale and scope of US electronic surveillance, it has become apparent that security services are just as fascinating as what they might learn from our data exhaust. At the time, cybercrime is becoming a global threat now. Cybercriminals may engage in criminal activities with personal privacy data from microblog. Identity theft is probably an example. In this paper we examine the characteristics of privacy leakage in microblog and its potential threats to the Internet community. Research found that a large number of privacy information in social network space was leaked unintentionally. Users often share too much significant personal information. Our study found that the accumulated privacy information may bring huge spam into Internet space. We examined over 20 million nodes profile information and extracted the name, location, gender, and email from these nodes profiles. After basic analysis and processing, we shown that all these personal information is enough to launch spam storm or other criminal activities. The result suggests that each node in the microblog should protect its privacy information carefully.
Clay Posey - One of the best experts on this subject based on the ideXlab platform.
-
Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA
European Journal of Information Systems, 2017Co-Authors: Clay Posey, Uzma Raja, Robert E. Crossler, A.j. BurnsAbstract:Many organisations create, store, or purchase information that links individuals’ identities to other data. Termed personally identifiable information (PII), this information has become the lifeblood of many firms across the globe. As organisations accumulate their constituencies’ PII (e.g. customers’, students’, patients’, and employees’ data), individuals’ privacy will depend on the adequacy of organisations’ information privacy safeguards. Despite existing protections, many breaches still occur. For example, US organisations reported around 4,500 PII-breach events between 2005 and 2015. With such a high number of breaches, determining all threats to PII within organisations proves a burdensome task. In light of this difficulty, we utilise text-mining and cluster analysis techniques to create a taxonomy of various organisational PII breaches, which will help drive targeted research towards organisational PII protection. From an organisational systematics perspective, our classification system provides a foundation to explain the diversity among the myriad of threats. We identify eight major PII-breach types and provide initial literature reviews for each type of breach. We detail how US organisations differ regarding their exposure to these breaches, as well as how the level of severity (i.e. number of records affected) differs among these PII breaches. Finally, we offer several paths for future research.
-
Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA
European Journal of Information Systems, 2017Co-Authors: Clay Posey, Uzma Raja, Robert E. Crossler, A.j. BurnsAbstract:Many organisations create, store, or purchase information that links individuals’ identities to other data. Termed personally identifiable information (PII), this information has become the lifeblo...
Razieh Nokhbeh Zaeem - One of the best experts on this subject based on the ideXlab platform.
-
is your phone you how privacy policies of mobile apps allow the use of your personally identifiable information
2020 Second IEEE International Conference on Trust Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2020Co-Authors: Kai Chih Chang, Razieh Nokhbeh Zaeem, Suzanne K. BarberAbstract:People continue to store their sensitive information in their smart-phone applications. Users seldom read an app’s privacy policy to see how their information is being collected, used, and shared. In this paper, using a reference list of over 600 personally identifiable information (PII) attributes, we investigate the privacy policies of 100 popular health and fitness mobile applications in both Android and iOS app markets to find the set of personal information these apps collect, use and share. The reference list of PII was independently built from a longitudinal study at The University of Texas investigating thousands of identity theft and fraud cases where PII attributes and associated value and risks were empirically quantified. This research leverages the reference PII list to identify and analyze the value of personal information collected by the mobile apps and the risk of disclosing this information. We found that the set of PII collected by these mobile apps covers 35% of the entire reference set of PII and, due to dependencies between PII attributes, these mobile apps have a likelihood of indirectly impacting 70% of the reference PII if breached. For a specific app, we discovered the monetary loss could reach $1M if the set of sensitive data it collects is breached. We finally utilize Bayesian inference to measure risks of a set of PII gathered by apps: the probability that fraudsters can discover, impersonate and cause harm to the user by misusing only the PII the mobile apps collected.
-
TPS-ISA - Is Your Phone You? How Privacy Policies of Mobile Apps Allow the Use of Your personally identifiable information
2020 Second IEEE International Conference on Trust Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2020Co-Authors: Kai Chih Chang, Razieh Nokhbeh Zaeem, K. Suzanne BarberAbstract:People continue to store their sensitive information in their smart-phone applications. Users seldom read an app’s privacy policy to see how their information is being collected, used, and shared. In this paper, using a reference list of over 600 personally identifiable information (PII) attributes, we investigate the privacy policies of 100 popular health and fitness mobile applications in both Android and iOS app markets to find the set of personal information these apps collect, use and share. The reference list of PII was independently built from a longitudinal study at The University of Texas investigating thousands of identity theft and fraud cases where PII attributes and associated value and risks were empirically quantified. This research leverages the reference PII list to identify and analyze the value of personal information collected by the mobile apps and the risk of disclosing this information. We found that the set of PII collected by these mobile apps covers 35% of the entire reference set of PII and, due to dependencies between PII attributes, these mobile apps have a likelihood of indirectly impacting 70% of the reference PII if breached. For a specific app, we discovered the monetary loss could reach $1M if the set of sensitive data it collects is breached. We finally utilize Bayesian inference to measure risks of a set of PII gathered by apps: the probability that fraudsters can discover, impersonate and cause harm to the user by misusing only the PII the mobile apps collected.
-
US-Centric vs. International personally identifiable information: A Comparison Using the UT CID Identity Ecosystem
2018 International Carnahan Conference on Security Technology (ICCST), 2018Co-Authors: Rima Rana, Razieh Nokhbeh Zaeem, Suzanne K. BarberAbstract:personally identifiable information (PII) refers to any information that can be used to trace or identify an individual. A Javelin Strategy and Research Report stated that PII misuse and fraud hits record high with 15.4 million US victims in 2016, about 16% more than the previous year. A comprehensive analysis of PII attributes and their relationships is necessary to protect users from identity theft. However, identity theft and fraud are not just a US problem. According to a new report from Risk Based Security, in 2016, there were 4,149 confirmed breaches exposing more than 4.2 billion records globally. That is approximately 3.2 billion more records than were exposed in 2013, the previous all-time high. In this paper, we extend the mathematical representation and implementation model of the UT CID Identity Ecosystem representing PII attributes and relationships to incorporate international PII. Previously, the UT CID Identity Ecosystem model has been primarily populated using data about US theft and fraud cases to include PII attributes used to transact crime as well as accidental exposure of PII attributes. Statistics are also calculated and associated with respective PII attributes such as the frequency of exposure occurrences for respective PII attributes, monetization value of PII (i.e. financial consequences of the crime), and strength of relationships between PII attributes. This research describes how the content of the UT CID Identity Ecosystem and resulting analysis change when PII attributes from international identity theft and fraud cases are incorporated. Not only are the PII attributes different in an international UT CID Identity Ecosystem, the relationships between PII attributes change, the monetization value of PII attributes change, and the risk of exposure change when worldwide identity theft and fraud cases are considered.
-
ICCST - US-Centric vs. International personally identifiable information: A Comparison Using the UT CID Identity Ecosystem
2018 International Carnahan Conference on Security Technology (ICCST), 2018Co-Authors: Rima Rana, Razieh Nokhbeh Zaeem, K. Suzanne BarberAbstract:personally identifiable information (PII) refers to any information that can be used to trace or identify an individual. A Javelin Strategy and Research Report stated that PII misuse and fraud hits record high with 15.4 million US victims in 2016, about 16% more than the previous year. A comprehensive analysis of PII attributes and their relationships is necessary to protect users from identity theft. However, identity theft and fraud are not just a US problem. According to a new report from Risk Based Security, in 2016, there were 4,149 confirmed breaches exposing more than 4.2 billion records globally. That is approximately 3.2 billion more records than were exposed in 2013, the previous all-time high. In this paper, we extend the mathematical representation and implementation model of the UT CID Identity Ecosystem representing PII attributes and relationships to incorporate international PII. Previously, the UT CID Identity Ecosystem model has been primarily populated using data about US theft and fraud cases to include PII attributes used to transact crime as well as accidental exposure of PII attributes. Statistics are also calculated and associated with respective PII attributes such as the frequency of exposure occurrences for respective PII attributes, monetization value of PII (i.e. financial consequences of the crime), and strength of relationships between PII attributes. This research describes how the content of the UT CID Identity Ecosystem and resulting analysis change when PII attributes from international identity theft and fraud cases are incorporated. Not only are the PII attributes different in an international UT CID Identity Ecosystem, the relationships between PII attributes change, the monetization value of PII attributes change, and the risk of exposure change when worldwide identity theft and fraud cases are considered.
-
A study of web privacy policies across industries
Journal of Information Privacy and Security, 2017Co-Authors: Razieh Nokhbeh Zaeem, K. Suzanne BarberAbstract:Today, more than ever, companies collect their customers’ personally identifiable information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ priva...
