ASPIDA: A client-oriented platform for assessing websites security practices adoption and reward
Date
2021
Language
en
Keyword
Abstract
The adoption of good security practices for the e-commerce business is a challenging problem. The enforcement of a strict legal framework is not always effective. On the other hand, simple recommendations and awareness-raising actions are not sufficient to prioritize the necessity of secure e-commerce websites. Our approach is a combination of self-assessment, self-improvement and self-regulation incentivization activities, implemented in the observAtory for Security and PrIvacy DAta (ASPIDA) system. To minimize security and privacy issues in commercial websites and e-shops, we propose a hybrid, multi-dimensional methodology to gather, monitor and analyze various indicators and metrics in an integrated system. Although several interesting efforts have been developed for monitoring compliance with basic cybersecurity principles, their implementation is limited without any stimulus for the participants. ASPIDA automatically analyzes a set of technical security and privacy characteristics of commercial websites and correlates the output with the results of questionnaires answered by the respective owners, web developers and web administrators. A positive evaluation in the automatic testing, together with participation in the e-commerce cybersecurity survey, generates a digital badge of good practices for the specific website. The digital badge is a premium for informed e-buyers who are aware of the impact of recent catastrophic security incidents and the importance of personal data. © 2021 IEEE.