Governance, Risk Management, and Compliance Factors Influencing the Adoption of Cloud Computing in Australia

A business decision to move to the cloud brings fundamental changes in how an organization develops and delivers its Information Technology solutions. The accelerated pace of digital transformation across businesses and government agencies increases the reliance on cloud-based services. Collecting, managing, and retaining large amounts of data in cloud environments make information security and data privacy protection essential. It becomes even more important to understand what key factors drive successful cloud adoption following the commencement of the Privacy Amendment Notifiable Data Breaches (NDB) Act 2017 in Australia as the regulatory changes impact many organizations and industries. This quantitative correlational research investigated the governance, risk management, and compliance factors contributing to cloud security success. The factors influence the adoption of cloud computing within an organizational context after the commencement of the NDB scheme. The results and findings demonstrated that corporate information security policies, data storage location, management understanding of data governance responsibilities, and regular compliance assessments are the factors influencing cloud computing adoption. The research has implications for organizations, future researchers, practitioners, policymakers, and cloud computing providers to meet the rapidly changing regulatory and compliance requirements.

Privacy Protection Principles of Omnichannel Approach

The advent of the Internet, mobile devices and social media is revolutionizing the experience of retail customers by linking multiple sources through various channels. Omnichannel retailing is a retailing that combines multiple channels to allow customers to seamlessly leverage all the distribution information online and offline while shopping. Therefore, today data are an asset more critical than ever for all organizations. Nonetheless, because of its heterogeneity through platforms, developers are currently facing difficulties in dealing with personal data. Considering the possibilities of omnichannel communication, this paper presents channel categorization that could enhance the customer experience of omnichannel center called hyper center. The purpose of this paper is fundamentally to describe the connection between the omnichannel hyper center and the customer, with particular attention to privacy protection. The first phase was finding the most appropriate channels of communication for hyper center. Consequently, a selection of widely used communication channels has been identified and analyzed with regard to the effect requirements for optimizing user experience. The evaluation criteria are divided into 3 groups: general, user profile and channel options. For each criterion the weight of importance for omnichannel communication was defined. The most important thing was to consider how the hyper center can make user identification while respecting the privacy protection requirements. The study carried out also shows what customer experience across digital networks would look like, based on an omnichannel approach owing to privacy protection principles.

H.264 Video Privacy Protection Method Using Regions of Interest Encryption

Like a closed-circuit television (CCTV), video surveillance system is widely placed for gathering video from unspecified people to prevent crime, surveillance, or many other purposes. However, abuse of CCTV brings about concerns of personal privacy invasions. In this paper, we propose an encryption method to protect personal privacy system in H.264 compressed video bitstream with encrypting only regions of interest (ROI). There is no need to change the existing video surveillance system. In addition, encrypting ROI in compressed video bitstream is a challenging work due to spatial and temporal drift errors. For this reason, we propose a novel drift mitigation method when ROI is encrypted. The proposed method was implemented by using JM reference software based on the H.264 compressed videos, and experimental results show the verification of our proposed methods and its effectiveness.

Privacy vs. National Security: Where Do We Draw the Line?

Privacy is sacred and would normally be expected and preserved by an individual. Online privacy is no longer about the right to be left alone, but also includes the right not to be monitored. However, with the revelations made by United States National Security Agency former employee Edward Snowden that the government is spying on internet communications, individuals’ privacy can no longer be expected. Therefore, this paper is intended to evaluate law related to privacy protection in the digital domain, who should govern it and whether invasion to a person’s privacy is a necessary justification to preserve national security.

Tag Broker Model for Protecting Privacy in RFID Environment

RFID system, in which we give identification number to each item and detect it with radio frequency, supports more variable service than barcode system can do. For example, a refrigerator with RFID reader and internet connection will automatically notify expiration of food validity to us. But, in spite of its convenience, RFID system has some security threats, because anybody can get ID information of item easily. One of most critical threats is privacy invasion. Existing privacy protection schemes or systems have been proposed, and these schemes or systems defend normal users from attempts that any attacker tries to get information using RFID tag value. But, these systems still have weakness that attacker can get information using analogous value instead of original tag value. In this paper, we mention this type of attack more precisely and suggest 'Tag Broker Model', which can defend it. Tag broker in this model translates original tag value to random value, and user can only get random value. Attacker can not use analogous tag value, because he/she is not able to know original one from it.

Secure Data Aggregation Using Clusters in Sensor Networks

Wireless sensor network can be applied to both abominable and military environments. A primary goal in the design of wireless sensor networks is lifetime maximization, constrained by the energy capacity of batteries. One well-known method to reduce energy consumption in such networks is data aggregation. Providing efcient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present privacy-preserving data aggregation scheme for additive aggregation functions. The Cluster-based Private Data Aggregation (CPDA)leverages clustering protocol and algebraic properties of polynomials. It has the advantage of incurring less communication overhead. The goal of our work is to bridge the gap between collaborative data collection by wireless sensor networks and data privacy. We present simulation results of our schemes and compare their performance to a typical data aggregation scheme TAG, where no data privacy protection is provided. Results show the efficacy and efficiency of our schemes.

Privacy in New Mobile Payment Protocol

The increasing development of wireless networks and the widespread popularity of handheld devices such as Personal Digital Assistants (PDAs), mobile phones and wireless tablets represents an incredible opportunity to enable mobile devices as a universal payment method, involving daily financial transactions. Unfortunately, some issues hampering the widespread acceptance of mobile payment such as accountability properties, privacy protection, limitation of wireless network and mobile device. Recently, many public-key cryptography based mobile payment protocol have been proposed. However, limited capabilities of mobile devices and wireless networks make these protocols are unsuitable for mobile network. Moreover, these protocols were designed to preserve traditional flow of payment data, which is vulnerable to attack and increase the user-s risk. In this paper, we propose a private mobile payment protocol which based on client centric model and by employing symmetric key operations. The proposed mobile payment protocol not only minimizes the computational operations and communication passes between the engaging parties, but also achieves a completely privacy protection for the payer. The future work will concentrate on improving the verification solution to support mobile user authentication and authorization for mobile payment transactions.

Account Management Method with Blind Signature Scheme

Reducing the risk of information leaks is one of the most important functions of identity management systems. To achieve this purpose, Dey et al. have already proposed an account management method for a federated login system using a blind signature scheme. In order to ensure account anonymity for the authentication provider, referred to as an IDP (identity provider), a blind signature scheme is utilized to generate an authentication token on an authentication service and the token is sent to an IDP. However, there is a problem with the proposed system. Malicious users can establish multiple accounts on an IDP by requesting such accounts. As a measure to solve this problem, in this paper, the authors propose an account checking method that is performed before account generation.