User and infrastructure security and privacy with regard to compliance

Abstract

Nowadays, millions of companies and billions of users worldwide rely on networks either wireless or wired for their daily work and entertainment. Due to the lack of privacy-by-design and the absence of strong security mechanisms, there are multiple ways for malicious users to penetrate networks and systems. Ubiquitous Networking and Global Internet, which has become more portable and accessible than ever before through private and publicly available IT infrastructures, make unauthorized access more feasible. This also generates serious security and privacy concerns due to a number of ensuing cyber threats, especially in case of Internet access via public Wi-Fi networks. In the described context, Internet security should and can play an important role towards protecting our everyday lives and online interactions. Yet, most users are unaware of these threats and the extent to which their privacy might be compromised. Regulations, such as the General Data Protection Regulation (GDPR), have been established to safeguard and improve the privacy and security of users and IT infrastructures, enforcing the installation of adequate cybersecurity measures. The application of regulations such as the GDPR is considered an issue of vital importance protecting the privacy and ensuring the security of IT infrastructures and websites, of data controllers and processors, both inside and outside the European Union. Such regulations may act as a useful toolset, which, among other requirements, mandates the adoption of privacy (and security)-by-design. While the GDPR implies a minimum set of technical Internet Security means to be taken into consideration by companies and organizations to achieve compliance, it is of high importance to highlight the adaptation of strong security mechanisms that will not only set companies compliant with the GDPR but also maintain them strong and resilient against multiple cyber threats. In the present thesis, a big set of issues on privacy and security are analyzed, offering solutions to the numerous problems that companies and single users face either at work or in a recreational setting on a day to day basis. As a case study, in-depth IT security and privacy concerns regarding the National Library of Greece and the Greek Libraries Network of the National Library of Greece were examined, based on international regulatory and IT security standards. Moreover, the adaptation of security mechanisms regarding Text and Data Mining (TDM) technologies is described as a technological option, focusing on the TDM deployed by the National Library of Greece alongside some considerations for applied Internet Security solutions that take into account GDPR requirements. Furthermore, the implementation of IT infrastructures and websites with regards to cybersecurity and the GDPR is promoted. This sets the standards for compliant infrastructures and entities with regulations but also maintains them strong and resilient against most cyber threats. Lastly, in the context of examining security issues regarding Internet access from public Wi-Fi networks, a profound evaluation and analysis of a corpus of approximately one million collected passwords from Wi-Fi networks was conducted for the first time. Τhe data collected are compared against private password databases from previous research, in order to identify similarities and differences, underlying how convenience outweighs consequence, with a special reference to how people use their mobile devices, and consequently, explaining security naivety.