Office hours: Monday 12:30 - 15:30
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Abstract
This study examines the relationship between user behavior and exposure to information about Privacy-Preserving Search Engines (PPSEs). The research explores whether exposure to positive, neutral, or negative information about privacy practices affects user behavior toward PPSEs. Results show an increase in PPSE awareness post-exposure but no substantial change in usage. Negative news impacts trust, while positive news enhances usability perception. These findings highlight the need for multifaceted strategies to address privacy concerns and promote PPSE adoption.
Abstract
Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the authenticated session has been established. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which are often required by several services. Whether the smartphone is in the hands of the legitimate user, and correspondingly whether the legitimate user is the one who uses the services, is therefore a great concern. In response to these concerns, Behavioral Biometrics (BB) Continuous Authentication (CA) technologies have been proposed in a large corpus of literature. This paper presents research on the development and validation of a BBCA system (named BioPrivacy) that is based on the user’s keystroke dynamics, using a Multi-Layer Perceptron (MLP). We also introduce a new behavioral biometrics collection tool and propose a methodology for the selection of an appropriate set of behavioral biometrics. Our system achieved 97.18% Accuracy, 0.02% Equal Error Rate (EER), 97.2% True Acceptance Rate (TAR) and 0.02% False Acceptance Rate (FAR).
Abstract
Privacy policies emerge as the main mechanism to inform users on the way their information is managed by online service providers, and still remain the dominant approach for this purpose. Literature notes that users find it difficult to understand privacy policies because they are usually written in technical or even legal language, although most users are unfamiliar with such language. These difficulties have led most users to skip reading privacy policies and blindly accept them. In an effort to address this challenge, this paper presents AppAware, a multiplatform tool that intends to improve the visualization of privacy policies for mobile applications. AppAware formulates a visualized report with the permission set of an application, which is easily understandable by a common user. AppAware aims to bridge the difficulty of reading privacy policies and Android’s obscure permission set with a new privacy policy visualization model. To validate AppAware we conducted a survey through a questionnaire aiming to evaluate AppAware in terms of installability, usability, and viability-purpose. The results demonstrate that AppAware is assessed above average by the users in all categories.
Abstract
Mobile application developers define the terms of use for the applications they develop, which users may accept or decline during installation. Application developers on the one hand seek to gain access to as much user information as possible, while users on the other hand seem to lack awareness and comprehension of privacy policies. This allows application developers to store an enormous amount of personal data, sometimes even irrelevant to the application’s function. It is also common that users choose not to alter the default settings, even when such an option is provided. In combination, the above conditions jeopardize users’ right to privacy. In this research, we examined the Viber application to demonstrate how effortless it is to discover the identity of unknown Viber users. We chose a pseudorandom sample of 2000 cellular telephone numbers and examined whether we could reveal their personal information. We designed an empirical study that compares the reported behavior with the actual behavior of Viber’s users. The results of this study show that users’ anonymity and privacy are easily lost and their information is exposed to a knowledgeable seeker. We provide guidelines addressed to both mobile application users and developers to increase privacy awareness and prevent privacy violations.
Abstract
Information privacy is constantly negotiated when people interact with enterprises and government agencies via the Internet. In this context, all relevant stakeholders take privacy-related decisions. Individuals, either as consumers buying online products and services or citizens using e-government services, face decisions with regard to the use of online services, the disclosure of personal information, and the use of privacy enhancing technologies. Enterprises make decisions regarding their investments on policies and technologies for privacy protection. Governments also decide on privacy regulations, as well as on the development of e-government services that store and process citizens’ personal information. Motivated by the aforementioned issues and challenges, we focus on aspects of privacy decision-making in the digital era and address issues of individuals’ privacy behavior. We further discuss issues of strategic privacy decision-making for online service providers and e-government service providers.
Abstract
Smartphones are the most popular personal electronic devices. They are used for all sorts of purposes, from managing bank accounts to playing games. As smartphone apps and services proliferate, the amount of sensitive data stored on or processed by handheld devices rises as well. This practice entails risks, such as violating users’ privacy, stealing users’ identities, etc. In particular, stealing an unlocked device grants full access to sensitive data and applications. In this survey, we examine whether users adopt some basic practices to protect their sensitive personal data themselves, or whether there is a need to further strengthen their protection. Our statistical analysis assesses smartphone users’ security attitudes and practices among different age groups. Finally, we investigate the factors that affect the attitude of users with respect to their practices for the protection of personal data. The results of this study show that while many smartphone users do take some security precautions, a high percentage (24%) of them still ignores security and privacy risks. In addition, 19.1% of users do not follow any practices to protect their PINs and passwords.
Keywords: Mobile Phones, Privacy Risk, Users Attitudes, Survey.
Abstract
Mobile phones are one of the most popular means of access to the internet. Via the phone, users connect to different services such as Google, social networks, work accounts, bank accounts, etc. These services are often left open on the device. This creates risks, such as the loss and/or violation of personal data. In addition, in case of device theft after login, full access to sensitive data and applications may be granted. The purpose of this research is to analyze the most salient patterns characterizing user practices regarding certain behavioral modalities, including the way the various applications are used, power consumption, touch gestures and guest users’ habits. To this end, we used an original questionnaire, created for the needs of this specific survey, to examine whether we can find trends among the users. This gives us qualitative information on the different behaviors / “characters” of users, to be used in further research on users’ Continuous Authentication.
Keywords — Mobile Phones, Behavioral Modalities, Continuous Authentication, Survey.
Abstract
Members of online social networks are often under an illusion of privacy, underestimating privacy risks related to their personal information published in their profiles. Current literature identifies privacy awareness as a key factor for enhancing user privacy. This paper identifies awareness raising applications and explores the effectiveness of awareness tools and practices currently employed by six popular SNS platforms, through a combined approach of literature review and experimental use. Our findings illustrate that awareness practices differ significantly among platforms and fail to promote awareness. We also show that effective awareness raising tools, such as privacy signalling and visualization applications, are overlooked and propose directions to further enhance privacy awareness mechanisms in SNS platforms.
Abstract
Free mobile applications of cloud computing offer a range of diverse services (e.g. gaming, storage etc.) usually in return for delivering personalized advertising to their consenting end-users. In order to do so they may retain a range of personal information such as location and personal preferences. Thus, privacy-related interactions between service providers and end users are important to be studied, as personal data are valuable in a subscription-based cloud system. In this paper, game theory is used as a tool to identify and analyze such interactions in order to understand stakeholder choices, as well as how to improve the quality of the service offered in a cloud computing setting.
Keywords: Privacy, mobile apps, cloud, game theory, strategic interactions.
Abstract
E-commerce transactions, in addition to the exchange of goods and services for payment, often entail an indirect transaction, where personal data are exchanged for better services or lower prices. This paper analyses buyer’s and seller’s privacy-related strategic choices in e-commerce transactions through game theory. We demonstrate how game theory can explain why buyers mistrust internet privacy policies and relevant technologies (e.g. P3P) and sellers hesitate to invest in data protection.
Abstract
Public Key Infrastructure (PKI) is an established technology that has been around for more than fifteen years. However, its adoption follows a very slow pace. Previous research, based either on a theoretical analysis of PKI or on specific cases of PKI implementation, has indicated several possible reasons for PKI non-adoption. In this paper we examine the effect of specific organizational factors on PKI adoption using empirical data from 14065 European firms collected through the e-Business Watch Survey of the European Commission. We show that it is still addressed as an innovative technology that requires an innovation culture. Moreover, small and medium-sized firms are rather reluctant to adopt it, and it is mostly implemented in firms with a large number of employees and tele-workers. Also, the extensive use of IS for supporting internal functions and cooperation with the external environment (e.g. customers and prospects), and the high dependence on them, are drivers of PKI adoption.
Abstract
Information security awareness is a continuous effort to raise attention to information security and its importance, in order to stimulate security-oriented behaviors. Despite the increasing interest of researchers in the topic and the continuous notifications of global security surveys about its significance, awareness remains a critical issue of information security. Related approaches propose techniques and methods for promoting security without theoretical grounding and separately from the overall information security management framework. The aim of this paper is to suggest a theoretical and methodological framework which facilitates the analysis and understanding of the issues that are intertwined with awareness activities, in order to support the organization’s security management.
Abstract
Compliance with standards is quite important for numerous reasons, including interoperability, conformity assessment etc. However, even though recent surveys indicate that international security standards do gain acceptance and that a continuously increasing number of organizations adopt them, the majority still do not know them or do not fully implement them.
In this paper we facilitate the awareness of security practitioners on ISO security standards and we propose a security framework that is based on them. In order to explain the different layers of the framework and illustrate its applicability we have used as a case study a Payroll and Pensioner Information System.
Abstract
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the “correct” system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the security requirements is not the same for all involved parties and the security mechanisms that will be implemented do not comply with some globally accepted rules and practices, then the system that will be designed will not necessarily achieve the desired security level and it will be very difficult to securely interoperate with other systems. It is therefore clear that the role and contribution of international standards to the design and implementation of security mechanisms is dominant. In this paper we provide a state of the art review on information security management standards published by the International Organization for Standardization and the International Electrotechnical Commission. Such an analysis is meaningful to security practitioners for an efficient management of information security. Moreover, the classification of the standards in the clauses of ISO/IEC 27001:2005 that results from our analysis is expected to provide assistance in dealing with the plethora of security standards.
Abstract
This paper explores the way information security awareness connects to the overall information security management framework it serves. To date, the formulation of security awareness initiatives has tended to ignore the important relationship with the overall security management context, and vice versa. In this paper we show that the two processes can be aligned so as to ensure that awareness activities serve the security management strategy and that security management exploits the benefits of an effective awareness effort. To do so, we analyze the processes of security awareness and security management using a process analysis framework and we explore their interactions. The identification of these interactions enables us to place awareness in a security management framework instead of viewing it as an isolated security mechanism.
Abstract
This paper presents a framework that enables application developers to make use of security expertise. This is achieved with the help of security ontologies and the employment of security patterns. Through the development of a security ontology, developers can locate the major security-related concepts and identify those relevant to the application context. Security patterns provide tested solutions for accommodating security requirements. Finally, the main features of the framework are listed with respect to related work.
Abstract
Application developers are often confronted with difficulties in choosing or embedding security mechanisms that are necessary for building secure applications, since this demands expertise in security issues. This problem can be circumvented by involving security experts early in the development process. This practice, however, entails high costs; moreover, communication between developers and security experts is usually problematic, and security expertise is difficult for developers to capture and exploit. This paper proposes that the process of building secure applications can be facilitated through the use of security patterns. It presents a security patterns repository that can provide developers with an effective mechanism to address the issue of incorporating security requirements and mechanisms in application development. The paper also specifies a list of patterns and describes their basic elements. For describing and managing the patterns, the paper proposes a structure that is especially suitable for the case of security patterns. The method followed for developing the security patterns repository entails the employment of a security ontology. Finally, the paper presents a set of exemplary cases where the repository can support the software development process. The paper’s contribution is an enhanced security patterns repository that allows application developers to benefit from the accumulated knowledge and expertise in the area of security, so that they are able to develop secure applications.
Abstract
This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that help them fulfil security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.
Abstract
Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by employing a specialized security ontology. To accomplish this, we describe the security ontology we have developed, and provide a set of indicative questions that developers might face, together with the solutions that ontology deployment provides.
Abstract
Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been shown that the developed software only rarely fulfils the related security requirements. The reason for this is twofold. On the one hand, software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions and/or mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions and/or mechanisms.
Abstract
This study explores the consequences of the introduction of a security plan into organisations by means of a case study of a non-governmental organisation for the treatment of individuals with drug addiction. The paper mainly focuses on the implications of the application of a security plan to the social system in the organisation. The framework for analysis used for the case study is based on the fundamental tenets of A. Giddens’ structuration theory. Structuration theory can be used as an analysis tool for studying the interplay between social structures and human agency and also provides the framework for taking into account aspects of organisational change. This study contributes to the stream of research on the implications of implementing security plans and policies in the organisational context, which is still in a very early stage.
Abstract
With the rapid growth of the Internet, online voting appears to be a reasonable alternative to conventional elections and other opinion expressing processes. Current research focuses on designing and building “voting protocols” that can support the voting process, while implementing the security mechanisms required for preventing fraud and protecting voters' privacy. However, not much attention has been paid to the administrative part of an electronic voting system that supports the actors of the system. Possible “security gaps” in the administrative workflow may deteriorate the overall security level of the system, even if the voting protocol implemented by the system fully complies with the security requirements set for voting. To this direction, this paper describes the responsibilities and privileges of the actors involved in the electronic voting process. The description of the role of each actor, together with the clear indication of what each actor is expected - and thus allowed - to do with the system, formulates an operational framework that complements the technological security features of the system and allows us to talk about “secure electronic voting systems”.
Abstract
Electronic Government today focuses mainly on offering citizens and enterprises the capability to perform their transactions with the Public Administration electronically, and also on the electronic delivery of the currently existing public services over the Internet. However, the huge potential of ICTs has only to a small extent been exploited in the higher level and most critical functions of Public Administration, such as the development, monitoring and evaluation of public policies and programmes, decision-making for difficult and complex social problems, or the granting of licenses and permissions with high social impact, etc. This paper deals with the exploitation of the methodologies and technologies of Computer Supported Collaborative Work (CSCW) in these directions. A general functional and technological architecture of a Government to Government (G2G) collaborative environment is described, for supporting the above high level functions of Public Administration, which has been designed as part of the ICTE-PAN Project. It is based on an extension of the classical Workflow Model, in order to include both ‘Single Person Activities’ and ‘Collaborative Activities’, and also on the use of modelling techniques and ontologies, in order to achieve a high level of adaptability to diverse requirements.
Abstract
Security management is now acknowledged as a key constituent of Information Systems (IS) management. IS security management traditionally relies on the formation and application of security policies. Most of the research in this field addresses issues regarding the structure and content of security policies, whereas the context within which security policies are conceived and developed remains rather unexplored. However, security policies that are formed without taking into account the specific social and organisational environment within which they will be applied often prove to be inapplicable or ineffective. In this paper we explore the issues pertaining to the formation of security policies from the perspective of contextualism. Within the framework of contextualism, we study the context, content and process of IS security policy development. This paper aims to contribute to IS security research by bringing forth the issue of context-dependent formation of security policies. In addition, it provides a contextual framework, which we expect to improve the effectiveness of IS security policy development.
Abstract
Research on Information Security has been based on a well-established definition of the subject. Consequently, it has delivered a plethora of methods, techniques, mechanisms and tools to protect the so-called security attributes (i.e. availability, confidentiality and integrity) of information. However, modern Information Systems (IS) appear rather vulnerable, and people show mistrust in their ability to deliver the services expected. This phenomenon leads us to the conclusion that information security does not necessarily equal IS security. In this paper, we argue that IS security, contrary to information security, remains a confusing term and a neglected research area. We attempt to clarify the meaning and aims of IS security and propose a framework for building secure information systems, or, as we suggest they be called, viable information systems.
Abstract
The virtual organization is a new form of organization possessing the characteristic of incorporating business units with a high degree of autonomy. This form of organization, which is expected to become the dominant organizational paradigm for the 21st century, strongly depends on the effectiveness of cooperation among the autonomous Information Systems (IS) of each business unit. Developing a security policy and installing security controls for each IS appears as a prerequisite for the survival of the virtual organization, but on the other hand it may severely hinder IS cooperation, as policies and controls often give rise to conflicts and interoperability problems. In this paper, we analyse the problem of managing IS security in multi-policy environments and introduce a Security Policies Management System (SPMS) that facilitates the management of IS security in virtual organizations and supports the resolution of conflicts between security policies.