Purpose: The enforcement of the General Data Protection Regulation imposes specific privacy- and -security related requirements that any organisation that processes European Union citizens’ personal data must comply with. The application of privacy- and security-by-design principles are...

Purpose This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation...

Purpose – The purpose of this paper is to investigate the effects of four types of “soft” information and communication technologies (ICT) capital related to ICT knowledge and skills (ICT personnel, ICT training of ICT personnel and users, ICT unit) on the innovation performance of Greek...

Purpose: The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a...

Purpose The purpose of this paper is to introduce a risk-driven investment process model for analysing human factors that allows information security managers to capture possible risk–investment relationships and to reason about them. The overall success of an information security system...

Purpose General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to...

This book provides the first step towards narrowing the gap between security and software engineering. This book introduces the field of secure software engineering, which is a branch of research investigating the integration of security concerns into software engineering practices. This book...

"This book provides coverage of recent advances in the area of secure software engineering that address the various stages of the development process from requirements to design to testing to implementation"--Provided by publisher.

This book constitutes the thoroughly refereed proceedings of five international workshops held in Ljubljana, Slovenia, in conjunction with the 28th International Conference on Advanced Information Systems Engineering, CAiSE 2016, in June 2016. The 16 full and 9 short papers were carefully...