Approaches to managing the risks of personal data leakage in digital ecosystems
The article examines theoretical and practical aspects of managing risks associated with personal data breaches in modern digital ecosystems characterized by complex architectures and numerous distributed services. The study highlights the role of the digital economy, demonstrating that the growing number of mobile devices, cloud platforms, and IoT devices significantly increases the likelihood of unauthorized access to sensitive information. Key regulatory acts and standards were analyzed, including widely recognized U.S. federal laws (such as the Privacy Act of 1974, the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act) and international standards (ISO/IEC 27001, ISO/IEC 27701). Additionally, various industry-specific guidelines and research articles published in leading scientific journals were examined.
Particular attention is given to information security management systems (ISMS) based on formalized risk assessment methodologies (OCTAVE, CRAMM, ISO/IEC 27005) and modern technologies (DLP, SIEM, IDS/IPS). The findings demonstrate that the most effective approach is a comprehensive one, encompassing organizational, legal, and technical measures, along with the mandatory regular updating of security policies in response to current cyber threats. The analysis underscores the importance of considering industry-specific factors (finance, healthcare, industrial IoT) and the human factor, as the degree of staff involvement and competence often determines the overall effectiveness of protection systems.
In conclusion, it is asserted that achieving reliable protection of personal data requires not only compliance with formal requirements but also continuous monitoring, staff training, and proactive measures against emerging types of attacks. This article is intended for information security professionals, as well as managers and specialists responsible for safeguarding confidential data in organizations operating within digital ecosystems and facing threats of personal data breaches.
Privacy Act of 1974 (5 U.S.C. § 552a), Electronic Communications Privacy Act (18 U.S.C. §§ 2510–2523), Health Insurance Portability and Accountability Act (Pub. L. No. 104-191) and Gramm-Leach-Bliley Act (Pub. L. No. 106-102).
ISO/IEC 27001:2022. Information security, cybersecurity, and privacy protection — Information security management systems — Requirements. Geneva: International Organization for Standardization, 2022.
ISO/IEC 27701:2019. Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines. URL: https://www.iso.org/standard/71670.html (accessed: 25.12.2024).
Alekseeva E. N. Digital ecosystems and risk management for personal data protection // Journal of Information Security. – 2020. – No. 3. – Pp. 31–41. URL: https://www.jinfsec.org/articles/digital-ecosystems-and-risk-management (accessed: 25.12.2024).
Ali S., Islam M. A comprehensive approach to personal data protection in digital ecosystems based on the Internet of Things // IEEE Access. – 2021. – Vol. 9. – Pp. 12345–12357. DOI: https://doi.org/10.1109/ACCESS.2021.3058234.
Beckers K., Epp F. A. Data-driven risk management in modern IT environments // Computers & Security. – 2021. – Vol. 102. – Article No. 102117. DOI: https://doi.org/10.1016/j.cose.2020.102117.
Dehghantanha A., Conti M., Dargahi T. Cyber threats: Implementing a risk management approach to data protection in digital ecosystems // IEEE Systems Journal. – 2019. – Vol. 13, No. 2. – Pp. 1818–1829. DOI: https://doi.org/10.1109/JSYST.2018.2866925.
Kim M. Risk management approach to personal data leakage in digital health ecosystems // Healthcare Informatics. – 2020. – Vol. 26, No. 2. – Pp. 99–108. DOI: https://doi.org/10.4258/hir.2020.26.2.99.
Kshetri N. Privacy and security issues in big data ecosystems // Journal of Big Data. – 2021. – Vol. 8, No. 1. – P. 4. DOI: https://doi.org/10.1186/s40537-021-00409-9.
Nemchenko A. S., Garmash V. V. Models and methods for managing personal data leakage risks in the context of digitalization // Issues of Cybersecurity. – 2022. – No. 5. – Pp. 45–54. URL: https://cybersecjournal.ru/.
Copyright (c) 2025 International Journal of Engineering and Computer Science

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.