{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,4,5]],"date-time":"2024-04-05T16:12:52Z","timestamp":1712333572668},"reference-count":69,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2017,10,9]],"date-time":"2017-10-09T00:00:00Z","timestamp":1507507200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2017,10,9]]},"abstract":"<jats:sec><jats:title>Purpose<\/jats:title><jats:p>This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes, including unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisations manage sensitive data in non-production environments.<\/jats:p><\/jats:sec><jats:sec><jats:title>Design\/methodology\/approach<\/jats:title><jats:p>The authors conducted a thorough literature review on areas related to data leakage from non-production systems. By analysing advice, guidelines and frameworks that aim at finding a practical solution for selecting and implementing a de-identification solution for sensitive data, the authors highlighted the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed, which was evaluated by conducting a set of guided interviews.<\/jats:p><\/jats:sec><jats:sec><jats:title>Findings<\/jats:title><jats:p>This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation\u2019s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section; they should be of interest to the business area that is responsible for the data held.<\/jats:p><\/jats:sec><jats:sec><jats:title>Originality\/value<\/jats:title><jats:p>This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-02-2017-0004","type":"journal-article","created":{"date-parts":[[2017,8,21]],"date-time":"2017-08-21T23:14:54Z","timestamp":1503357294000},"page":"454-474","source":"Crossref","is-referenced-by-count":2,"title":["On data leakage from non-production systems"],"prefix":"10.1108","volume":"25","author":[{"given":"Jacqueline","family":"Cope","sequence":"first","affiliation":[]},{"given":"Francois","family":"Siewe","sequence":"additional","affiliation":[]},{"given":"Feng","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Leandros","family":"Maglaras","sequence":"additional","affiliation":[]},{"given":"Helge","family":"Janicke","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"4","key":"key2020120605000826500_ref001","doi-asserted-by":"crossref","first-page":"23","DOI":"10.4018\/irmj.2014100102","article-title":"A semantic approach for semi-automatic detection of sensitive data","volume":"27","year":"2014","journal-title":"Information Resources Management Journal"},{"key":"key2020120605000826500_ref002","volume-title":"Personal Data Privacy and Protection in a Surveillance Era: Technologies and Practices: Technologies and Practices","year":"2010"},{"key":"key2020120605000826500_ref003","volume-title":"Five Key Components for Data Masking","author":"Capgemini","year":"2010"},{"key":"key2020120605000826500_ref004","doi-asserted-by":"crossref","first-page":"1015","DOI":"10.1145\/1559845.1559968","article-title":"Anonymized data: generation, models, usage","volume-title":"Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data","year":"2009"},{"key":"key2020120605000826500_ref005","author":"Data Protection Act","year":"1998"},{"key":"key2020120605000826500_ref006","volume-title":"Reinventing Data 
Masking","author":"Delphix","year":"2015"},{"key":"key2020120605000826500_ref007","volume-title":"Quality, Productivity and Competitive Position","year":"1982"},{"issue":"1","key":"key2020120605000826500_ref008","doi-asserted-by":"crossref","first-page":"412","DOI":"10.1016\/j.dss.2012.05.048","article-title":"Leveraging the capabilities of service-oriented decision support systems: Putting analytics and big data in cloud","volume":"55","year":"2013","journal-title":"Decision Support Systems"},{"key":"key2020120605000826500_ref009","author":"Directive 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data","year":"1995"},{"issue":"1","key":"key2020120605000826500_ref010","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1002\/wics.3","article-title":"Data masking for disclosure limitation","volume":"1","year":"2009","journal-title":"Wiley Interdisciplinary Reviews: Computational Statistics"},{"key":"key2020120605000826500_ref011","volume-title":"MEMO\/12\/41Data Protection Reform: Frequently Asked Questions","author":"European Commission","year":"2012"},{"key":"key2020120605000826500_ref012","volume-title":"Press Release IP\/16\/216 EU Commission and United States Agree on New Framework for Transatlantic Data Flows: EU-US Privacy Shield","author":"European Commission","year":"2016"},{"key":"key2020120605000826500_ref013","volume-title":"Reform of EU Data Protection Rules","author":"European Commission","year":"2016"},{"key":"key2020120605000826500_ref014","volume-title":"Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries","author":"European Commission","year":"2017"},{"issue":"17","key":"key2020120605000826500_ref015","first-page":"arXiv:1601.03921","article-title":"Human behaviour as an aspect of cyber security assurance","volume":"9","year":"2016","journal-title":"Security and 
Communication Networks"},{"key":"key2020120605000826500_ref016","first-page":"4","article-title":"Data swapping as a decision problem","volume":"21","year":"2005","journal-title":"Journal of Official Statistics"},{"key":"key2020120605000826500_ref017","volume-title":"Experiences of Test Automation: Case Studies of Software Test Automation","year":"2012"},{"key":"key2020120605000826500_ref018","volume-title":"Foundations of Software Testing: ISTQB Certification","year":"2008"},{"key":"key2020120605000826500_ref019","volume-title":"Government Security Classifications","author":"Great Britain Cabinet Office","year":"2014"},{"key":"key2020120605000826500_ref020","volume-title":"Report on the Review of Patient-Identifiable Information (Caldicott Report)","author":"Great Britain Department of Health","year":"1997"},{"key":"key2020120605000826500_ref021","volume-title":"The Information Governance Review","author":"Great Britain Department of Health","year":"2013"},{"key":"key2020120605000826500_ref022","volume-title":"2015 Information Security Breaches Survey Ref: BIS\/15\/302","author":"Great Britain, Department for Business, Innovation and Skills","year":"2015"},{"key":"key2020120605000826500_ref023","volume-title":"The Agile Sketchpad: Understanding Agile\u2019s Core Concepts and Methods[DVD]","year":"2016"},{"key":"key2020120605000826500_ref024","volume-title":"How Your IT Department is Breaking Data Protection Laws","year":"2006"},{"key":"key2020120605000826500_ref025","volume-title":"Using Copies of \u2018Live\u2019 Data in Development and Testing?","year":"2013"},{"key":"key2020120605000826500_ref026","first-page":"244","volume-title":"Statistical Disclosure Control Glossary","year":"2012"},{"key":"key2020120605000826500_ref027","first-page":"63","article-title":"Cyber insiders: a board issue","volume-title":"Cyber Security Review","year":"2014"},{"key":"key2020120605000826500_ref028","volume-title":"Information Warfare: Corporate Attack and Defence in a Digital 
World","year":"2001"},{"key":"key2020120605000826500_ref029","volume-title":"Data Masking Everywhere","author":"IBM","year":"2013"},{"key":"key2020120605000826500_ref030","volume-title":"What Is Personal Data? \u2013 a Quick Reference Guide","author":"ICO","year":"2012"},{"key":"key2020120605000826500_ref031","volume-title":"Determining What Is Personal Data","author":"ICO","year":"2012"},{"key":"key2020120605000826500_ref032","volume-title":"The Guide to Data Protection","author":"ICO","year":"2016"},{"key":"key2020120605000826500_ref033","volume-title":"Sending Personal Data outside the European Economic Area (Principle 8)","author":"ICO","year":"2016"},{"key":"key2020120605000826500_ref034","volume-title":"Data Protection Principles","author":"ICO","year":"2016"},{"key":"key2020120605000826500_ref035","volume-title":"Key Definitions of the Data Protection Act","author":"ICO","year":"2016"},{"key":"key2020120605000826500_ref036","volume-title":"Information Security (Principle 7)","author":"ICO","year":"2016"},{"key":"key2020120605000826500_ref037","volume-title":"Preparing for the General Data Protection Regulation (GDPR) 12 Steps to Take Now","author":"ICO","year":"2016"},{"key":"key2020120605000826500_ref038","volume-title":"Best Practices for Ensuring Data Privacy in Production and Nonproduction Systems","author":"Informatica","year":"2011"},{"key":"key2020120605000826500_ref039","article-title":"Anonymity: a formalization of privacy-l-diversity","year":"2013"},{"key":"key2020120605000826500_ref040","first-page":"96","article-title":"The emerging role of data scientists on software development teams","year":"2016"},{"issue":"11","key":"key2020120605000826500_ref041","first-page":"1802","article-title":"A simultaneous application of combinatorial testing and virtualization as a method for software testing","volume":"6","year":"2009","journal-title":"WSEAS Transactions on Information Science and 
Applications"},{"key":"key2020120605000826500_ref042","first-page":"277","article-title":"Privacy: theory meets practice on the map","volume-title":"IEEE 24th International Conference on Data Engineering","year":"2008"},{"key":"key2020120605000826500_ref043","volume-title":"Data Masking: What You Need to Know - What You Really Need to Know before You Begin","author":"Net2000 Ltd","year":"2010"},{"key":"key2020120605000826500_ref044","volume-title":"Information Management Directions: The Information Challenge Special Publication 500-167","author":"NIST","year":"1989"},{"key":"key2020120605000826500_ref045","volume-title":"Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) Special Publication 800-122","author":"NIST","year":"2010"},{"key":"key2020120605000826500_ref046","volume-title":"Glossary of Key Information Terms","author":"NIST","year":"2013"},{"key":"key2020120605000826500_ref047","doi-asserted-by":"crossref","DOI":"10.1787\/9789264055087-en","volume-title":"OECD Glossary of Statistical Terms","author":"OECD","year":"2008"},{"key":"key2020120605000826500_ref048","volume-title":"Data Security Framework Rev 1.0","author":"Open Data Center Alliance","year":"2013"},{"key":"key2020120605000826500_ref049","volume-title":"Oracle Test Data Management Pack","author":"Oracle Corporation","year":"2013"},{"key":"key2020120605000826500_ref050","volume-title":"Data Masking Best Practice","author":"Oracle Corporation","year":"2013"},{"key":"key2020120605000826500_ref051","author":"Oxford English Dictionary","year":"2011","edition":"3rd ed."},{"key":"key2020120605000826500_ref052","volume-title":"PIN Security Requirements","author":"PCI","year":"2014"},{"key":"key2020120605000826500_ref053","volume-title":"Payment Application Data Security Standard v3.1","author":"PCI","year":"2015"},{"key":"key2020120605000826500_ref054","volume-title":"PCI Security","author":"PCI Security Standards 
Council","year":"2016"},{"key":"key2020120605000826500_ref055","volume-title":"Managing Catastrophic Loss of Sensitive Data: A Guide for IT and Security Professionals","year":"2011"},{"key":"key2020120605000826500_ref056","first-page":"289","article-title":"Format preserving encryption","volume-title":"Information Security Management Handbook","year":"2012"},{"key":"key2020120605000826500_ref057","volume-title":"Data-as-a-Service: The Next Step in the as-a-Service Journey","year":"2014"},{"key":"key2020120605000826500_ref058","volume-title":"The Complete Book of Data Anonymization: From Planning to Implementation","year":"2013"},{"key":"key2020120605000826500_ref059","author":"Regulation (EU), 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation)","year":"2016"},{"key":"key2020120605000826500_ref060","volume-title":"Understanding and Selecting Data Masking Solutions: Creating Secure and Useful Data","author":"Securosis","year":"2012"},{"key":"key2020120605000826500_ref061","volume-title":"A Survey of Data Leakage Detection and Prevention Solutions","year":"2012"},{"key":"key2020120605000826500_ref062","volume-title":"A \u201cZero Trust\u201d Model for Security. 
Information Security Management Handbook","year":"2012"},{"key":"key2020120605000826500_ref063","volume-title":"Enterprise Security Architecture: A Business-Driven Approach","year":"2015"},{"key":"key2020120605000826500_ref064","volume-title":"Common Sense Guide to Mitigating Insider Threats","year":"2012","edition":"4th ed"},{"issue":"5","key":"key2020120605000826500_ref065","doi-asserted-by":"crossref","first-page":"557","DOI":"10.1142\/S0218488502001648","article-title":"k-anonymity: a model for protecting privacy","volume":"10","year":"2002","journal-title":"International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems"},{"key":"key2020120605000826500_ref066","volume-title":"Privacy Recommendations on the Use of Live Data in Research, Testing, or Training","author":"United States of America Department of Homeland Security","year":"2012"},{"key":"key2020120605000826500_ref067","volume-title":"Research Methods: The Basics","year":"2010"},{"key":"key2020120605000826500_ref068","volume-title":"The Strategic Management of Information Systems: Building a Digital Strategy","year":"2016"},{"issue":"2","key":"key2020120605000826500_ref069","doi-asserted-by":"crossref","first-page":"14","DOI":"10.4018\/jdm.2003040102","article-title":"Protecting data through \u2018perturbation\u2019 techniques: the impact on knowledge discovery in databases","volume":"14","year":"2003","journal-title":"Journal of Database Management"}],"container-title":["Information & Computer 
Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2017-0004\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2017-0004\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,1]],"date-time":"2022-08-01T15:30:09Z","timestamp":1659367809000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2017-0004\/full\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,9]]},"references-count":69,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,10,9]]}},"alternative-id":["10.1108\/ICS-02-2017-0004"],"URL":"https:\/\/doi.org\/10.1108\/ics-02-2017-0004","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2017,10,9]]}}}