Title | PAVSS: Privacy Assessment Vulnerability Scoring System |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Foreman, Zackary, Bekman, Thomas, Augustine, Thomas, Jafarian, Haadi |
Conference Name | 2019 International Conference on Computational Science and Computational Intelligence (CSCI) |
Keywords | consumer information, cybersecurity experts, Data Breach, data privacy, Data security, Expert Systems and Privacy, fair information practice principles, Federal Trade Commission, Human Behavior, human factors, online platform, online so cial networks, online sources, PAVSS, privacy, Privacy assessment, Privacy Assessment Vulnerability Scoring System, privacy attacks, privacy-breach vulnerability, private data, pubcrawl, Scalability, security of data, Social Engineering, social networking (online), stored data, Twitter, Twitter data |
Abstract | Currently, the guidelines for business entities to collect and use consumer information from online sources is guided by the Fair Information Practice Principles set forth by the Federal Trade Commission in the United States. These guidelines are inadequate, outdated, and provide little protection for consumers. Moreover, there are many techniques to anonymize the stored data that was collected by large companies and governments. However, what does not exist is a framework that is capable of evaluating and scoring the effects of this information in the event of a data breach. In this work, a framework for scoring and evaluating the vulnerability of private data is presented. This framework is created to be used in parallel with currently adopted frameworks that are used to score and evaluate other areas of deficiencies within the software, including CVSS and CWSS. It is dubbed the Privacy Assessment Vulnerability Scoring System (PAVSS) and quantifies the privacy-breach vulnerability an individual takes on when using an online platform. This framework is based on a set of hypotheses about user behavior, inherent properties of an online platform, and the usefulness of available data in performing a cyber attack. The weight each of these metrics has within our model is determined by surveying cybersecurity experts. Finally, we test the validity of our user-behavior based hypotheses, and indirectly our model by analyzing user posts from a large twitter data set. |
DOI | 10.1109/CSCI49370.2019.00034 |
Citation Key | foreman_pavss_2019 |