Research Article

A Methodology for Network Security Infrastructure according to the New Brazilian General Law for Personal Data Protection

by Luis Fellipe Castro Silva, Samyr B. Vale
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 183 - Number 17
Year of Publication: 2021
DOI: 10.5120/ijca2021921520

Luis Fellipe Castro Silva, Samyr B. Vale. A Methodology for Network Security Infrastructure according to the New Brazilian General Law for Personal Data Protection. International Journal of Computer Applications. 183, 17 (Jul 2021), 1-8. DOI=10.5120/ijca2021921520

@article{ 10.5120/ijca2021921520,
author = { Luis Fellipe Castro Silva and Samyr B. Vale },
title = { A Methodology for Network Security Infrastructure according to the New Brazilian General Law for Personal Data Protection },
journal = { International Journal of Computer Applications },
issue_date = { Jul 2021 },
volume = { 183 },
number = { 17 },
month = { Jul },
year = { 2021 },
issn = { 0975-8887 },
pages = { 1-8 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume183/number17/32015-2021921520/ },
doi = { 10.5120/ijca2021921520 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

The General Law on Protection of Personal Data - LGPD (Law No. 13,709/2018) is a new Brazilian law that deals with the management of personal data of third parties, carried out by people, companies, and institutions. This legal provision requires that these data be protected by all necessary technical means, imposing a set of sanctions on the Organization. Due to the lack of a reference methodology for implementing the protection requirements defined in the Law, this work proposes one that provides a basis for constructing the network architecture supported by the most common models and applying a security policy to computer network infrastructures.

Index Terms

Computer Science
Information Sciences

Keywords

Methodology, security, firewall, GDPR, data protection