Εκπαίδευση - Σπουδές

  • Μεταδιδακτορική ερευνήτρια (Postdoctoral Researcher), Πανεπιστήμιο Αιγαίου, Πολυτεχνική Σχολή, Τμήμα Μηχανικών Πληροφοριακών και Επικοινωνιακών Συστημάτων.
  • Μεταδιδακτορική ερευνήτρια (Postdoctoral Researcher), University of Brighton, School of Computing, Engineering and Mathematics, UK. Αντικείμενο έρευνας «Privacy and Security of Information Systems in Electronic Governance»
  • Διδακτορικό Δίπλωμα, Τμήμα Μηχανικών Πληροφοριακών και Επικοινωνιακών Συστημάτων, Πανεπιστήμιο Αιγαίου, Τίτλος Διδακτορικής Διατριβής: «Η Επίδραση του Τεχνολογικού και Ανθρώπινου Κεφαλαίου Πληροφορικής και Επικοινωνιών στην Καινοτομική Δραστηριότητα των Επιχειρήσεων», Γνωστικό Αντικείμενο: «Πληροφοριακά Συστήματα»
  • Μεταπτυχιακό Δίπλωμα Ειδίκευσης Τεχνολογίες και Διοίκηση Πληροφοριακών και Επικοινωνιακών Συστημάτων» στην κατεύθυνση «Διοίκηση Πληροφοριακών Συστημάτων», Τμήμα Μηχανικών Πληροφοριακών και Επικοινωνιακών Συστημάτων, Πανεπιστήμιο Αιγαίου
  • Δίπλωμα, Τμήμα Μηχανικών Σχεδίασης Προϊόντων και Συστημάτων, Πανεπιστήμιο Αιγαίου

Ερευνητικά Ενδιαφέροντα

  • Θέματα Ιδιωτικότητας και Ασφάλειας Πληροφοριακών Συστημάτων
  • Πληροφοριακά Συστήματα
  • Ηλεκτρονική Διακυβέρνηση
  • Ολοκληρωμένα Συστήματα Διαχείρισης Επιχειρησιακών Πόρων (ERPs)
  • Διοίκηση Πληροφοριακών Συστημάτων

Διδασκαλία

Δημοσιεύσεις σε Διεθνή Περιοδικά (Journals)


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


[1]
C. Kalloniatis, V. Diamantopoulou, K. Kotis, C. Lyvas, K. Maliatsos, M. Gay, A. G. Kanatas, C. Lambrinoudakis, Towards the design of an assurance framework for increasing security and privacy in connected vehicles, International Journal of Internet of Things and Cyber-Assurance, Vol. 1, No. 3-4, pp. 244-266, 2020, Inderscience Enterprises Ltd.,
G. Kavalieratos, V. Diamantopoulou, S. K. Katsikas, Shipping 4.0: Security requirements for the Cyber-Enabled Ship, SS on Security and Privacy in Industry 4.0 - IEEE Transactions on Industrial Informatics, Vol. 16, No. 10, pp. 6617 - 6625, 2020, IEEE, (to_appear), https://ieeexplore.ieee.org/xpl/RecentIs..., indexed in SCI-E, IF = 7.377
 

Abstract
The Cyber-Enabled Ship (C-ES) is either an autonomous or a remotely controlled vessel which relies on interconnected cyber physical-systems (CPS) for its operations. Such systems are not well protected against cyber attacks. Considering the criticality of the functions that such systems provide, it is important to address their security challenges, thereby ensuring the ship's safe voyage. In this work we leverage the Maritime Architectural Framework reference architecture to analyze and describe the environment of the C-ES. We then apply the Secure Tropos methodology to systematically elicit the security requirements of the three most vulnerable CPSs onboard a C-ES, namely the Automatic Identification System (AIS), the Electronic Chart Display Information System (ECDIS) and the Global Maritime Distress and Safety System (GMDSS). The outcome is a set of cyber security requirements for the C-ES ecosystem in general and these systems in particular.

V. Diamantopoulou, A. Androutsopoulou, S. Gritzalis, Y. Charalabidis, Preserving Digital Privacy in e-Participation Environments: Towards GDPR Compliance, Information - Special Issue "Security Requirements Engineering: Designing Secure Socio-Technical Systems", pp. 1–27, 2020, MDPI, https://www.mdpi.com/journal/information...
 

Abstract
The application of the General Data Protection Regulation (GDPR) 2016/679/EC, the Regulation for the protection of personal data, is a challenge and must be seen as an opportunity for the redesign of the systems that are being used for the processing of personal data. An unexplored area where systems are being used to collect and process personal data are the e-Participation environment. The latest generations of such environments refer to sociotechnical systems based on the exploitation of the increasing use of Social Media, by using them as valuable tools, able to provide answers and decision support in public policy formulation. This work explores the privacy requirements that GDPR imposes in such environments, contributing to the identification of challenges that e-Participation approaches have to deal with, with regard to privacy protection.

V. Diamantopoulou, A. Tsohou, M. Karyda, From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR Compliance Controls, Information and Computer Security, Vol. 28, No. 4, 2020, Emerald, https://www.emerald.com/insight/content/...
 

Abstract
Purpose – This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended in order to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this work i) as a basis for extending the already existing security control modules towards data protection; ii) as guidance for reaching compliance with the Regulation. Design/methodology/approach – This study has followed a two-step approach; First synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013, and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, we identified GDPR requirements not addressed by ISO/IEC 27001:2013. Findings – The findings of this work include i) the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; ii) the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; iii) the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR. Originality/value – This work provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

C. Kalloniatis, V. Diamantopoulou, K. Kotis, C. Lyvas, K. Maliatsos, M. Gay, A. G. Kanatas, C. Lambrinoudakis, Towards the design of an assurance framework for increasing security and privacy in Connected Vehicles, International Journal of Internet of Things and Cyber-Assurance, 2019, Inderscience Publishers, (to_appear), https://www.inderscience.com/jhome.php?j...
 

Abstract
Intelligent Transport Systems (ITS) play a key role in our daily activities. ITS development over the last decades has been based on the rapid evolution of information and communication technologies (ICT), which include processing capabilities, availability of hardware and communication technologies. Moreover, ITS use ICT to improve sustainability, efficiency, innovation and safety of transportation networks helping towards better management of transportation networks with the use of advanced technologies, which in turn facilitate monitoring and management of information. However, as the development of ITS services increases so does the users' awareness regarding the degree of trust that they demonstrate on adopting this kind of services. The later has brought to light several security and privacy concerns that ITS analysts should consider when designing and implementing various IT related services. This paper moves into this direction by identifying how risk analysis can interact with security and privacy requirements’ engineering world, in order to provide a holistic approach for reasoning about security and privacy in such complex environments like ITS systems. The key contribution of the paper is the conceptual alignment of three well-known methods (EBIOS, Secure Tropos and PriS) as the first step towards the design of a complete assurance framework that will support analysts in designing and consequently implementing secure and trustworthy ITS services.

M. Salnitri, K. Angelopoulos, M. Pavlidis, V. Diamantopoulou, C. Mouratidis, P. Giorgini, Modelling the Interplay of Security, Privacy and Trust in Sociotechnical Systems: A Computer-Aided Design Approach, Journal of Software and Systems Modeling, 2019, Springer, https://link.springer.com/journal/10270, indexed in SCI-E, IF = 1.722
 

Abstract
Personal data has become a central asset for multiple enterprise applications and online services offered by private companies, public organisations or a combination of both. The sensitivity of such data and the continuously growing legislation that accompanies their management dictate the development of methods that allow the development of more secure, trustworthy software systems with focus on privacy protection. In this work we propose a method that combines two modelling approaches to cover both early and late requirements specification, giving emphasis on security, privacy and trust. The novelty of our proposal is that it provides the means for software designers and security experts to analyse the system-to-be from multiple aspects, starting from identifying high level goals to the definition of business process composition, and\\r\\nelicitation of mechanisms to fortify the system from external threats. Our approach, which is supported by two CASE tools, demonstrates its application to a real-world case study.

V. Diamantopoulou, C. Mouratidis, Practical Evaluation of a Reference Architecture for the Management of Privacy Level Agreements, Information and Computer Security, 2019, Emerald, http://www.emeraldgrouppublishing.com/pr...
 

Abstract
With the enforcement of the General Data Protection Regulation, any entity seeking compliance to specific privacy- and security-related requirements, the adoption of Privacy by Design and Security by Design principles can be considered as a legal obligation for any such entity processing EU citizens’ personal data. A formal way to support Data Controllers towards their compliance to the new Regulation could be the use of a Privacy Level Agreement (PLA), a mutual agreement of the privacy settings between a Data Controller and a Data Subject, that supports privacy management, by analysing privacy threats, vulnerabilities and Information Systems’ trust relationships. However, the concept of PLA has only been proposed on a theoretical level. In this paper, we propose a novel reference architecture to enable PLA management in practice, and we report on the application and evaluation of PLA management. To this aim, two different domains have been selected acting as real-life case studies, the public administration and the healthcare, where special categories of personal data is processed. The results of this evaluation are rather positive, indicating that the adoption of such an agreement promotes the transparency of an organisation while enhances Data Subjects’ trust.

V. Diamantopoulou, C. Mouratidis, Applying the Physics of Notation to the Evaluation of a Security and Privacy Requirements Engineering Methodology, Information and Computer Security, Vol. 26, No. 4, pp. 382-400, 2018, Emerald Publishing Limited, https://www.emeraldinsight.com/eprint/bx...
 

Abstract
Security and Privacy Requirements Engineering Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably need to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering Methodology, namely Secure Tropos, on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

C. Mouratidis, V. Diamantopoulou, A Security Analysis Method for Industrial Internet of Things, Applied Cryptography, Security, and Trust Computing for Industrial Internet-of-Things, Vol. 14, No. 9, pp. 4093-4100, 2018, IEEE Transactions on Industrial Informatics, https://ieeexplore.ieee.org/abstract/doc..., indexed in SCI-E, IF = 6.764
 

Abstract
The Industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilise various technologies such as personal computers, wireless devices, and sensor devices and bring together the cyber and the physical world. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels, design/modelling and runtime/simulation. Our method supports analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate its applicability through a real case study on a critical environment from the maritime sector which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.

V. Diamantopoulou, A. Androutsopoulou, Y. Charalabidis, Towards a Taxonomy of Services Offered by Start-up business Incubators: Insights from the Mediterranean Region, International Journal of Entrepreneurship and Small Business, Vol. 33, No. 4, pp. 494-513, 2017, Inderscience Publishers
 

Abstract
Business incubation aims at stimulating entrepreneurship and nurturing ideas to transform them to viable ventures and drive economic growth. Since the emergence of the concept, some decades ago, the incubation process and its underlying services have been evolved, while incubators around the world are continuously increasing. These incubators vary according to their type, operation model and specialisation. The aim of this paper is to define a comprehensive framework that serves as a basis for the categorisation of all services that can be part of the incubation process. The proposed taxonomy, comprised of 8 core service categories, has then been applied on ten University associated incubators from the Mediterranean region, since the various socio-economic conditions encountered there, cause particular interest in the prospect of entrepreneurship. An indicative sample of five European, Middle East and North African countries (i.e. Italy, Greece, Turkey, Israel, Egypt) has been defined, with the Mediterranean Sea uniting them and shaping their unique characteristics. We selected to focus on the University incubators from this area as they bridge the innovation potential of research and academia communities with the real business world and can underpin a sustainable and robust entrepreneurship model. By mapping the sample with the categories of services they offer, we intended to find out how they differentiate from other types of incubators. It was concluded that University incubators fall shorter only in the provision of administrative services in relation to the typical incubators. However, the purpose of this framework is to be further used as a tool both for policy makers’ and support their resource allocation decisions and help the internal stakeholders of incubator activities identify and adopt best practice models.

S. Arvanitis, E. Loukis, V. Diamantopoulou, Are ICT, Workplace Organization and Human Capital Relevant for Innovation? A Comparative Study Based on Swiss and Greek Micro Data, International Journal of the Economics of Business, Vol. 23, No. 3, pp. 319-349, 2016, Taylor & Francis
 

Abstract
This paper investigates and compares the relationships for Swiss and Greek firms between indicators for the intensity of use of modern information and communications technologies (ICT), several forms of workplace organization, and human capital, on the one hand, and several measures of innovation performance at firm level, on the other hand. For the Swiss firms, we find that ICT contribute to innovation activities (a) as enablers of process innovation (but not of product innovation) and (b) as means for increasing the efficiency of the R&D process. The organizational variables for “work design” and “employee voice” show significant positive correlations for most innovation indicators. Human capital matters primarily for R&D activities. The findings for the Greek firms indicate positive correlations of ICT with product and process innovation and of new “work design” with product innovation and R&D. No correlation of human capital with innovation could be found. No complementarities for the three factors with respect to innovation performance could be detected in either country.

L. Spiliotopoulou, Y. Charalabidis, E. Loukis, V. Diamantopoulou, A framework for advanced social media exploitation in government for crowdsourcing, Transforming Government: People, Process and Policy, Vol. 8, No. 4, pp. 545-568, 2014, Emerald
 

Abstract
Purpose – This paper aims to develop and evaluate, in “real-life” pilot applications, a framework for advanced social media exploitation by government agencies in their policy-making processes to promote public participation and conduct crowdsourcing. Design/methodology/approach – This framework has been developed through cooperation with public sector employees experienced in public policy-making, using both qualitative and quantitative techniques: semi-structured focus group discussions, scenarios development and questionnaire surveys. The evaluation of the framework has been conducted through semi-structured focus group discussions with public sector employees involved in the pilot applications. Findings – A framework has been developed for advanced social media exploitation by government agencies, which is based on the automated posting of policy-related content to multiple social media, and then retrieval and processing of citizens’ interactions with it (e.g. views, likes, comments and retweets), using the application programming interfaces (API) of these social media. Furthermore, a supporting information and communication technologies (ICT) infrastructure and an application process model for it were developed. Its evaluation, based on “real-life” pilot applications, leads to useful insights concerning its capabilities, strengths and weaknesses. Research limitations/implications – The proposed framework has been evaluated in a small number of pilot applications, so further evaluation of it is required, in various types of government agencies and for different kinds of policy consultations. Practical/Implications – The above framework enables government agencies to communicate with wider and more heterogeneous audiences in a short time and at a low cost, increase public participation in their policy-making processes, collect useful knowledge, ideas and opinions from citizens and, finally, design better, more socially rooted, balanced and realistic policies. Originality/value – This research contributes to the development of knowledge concerning advanced practices for effective social media exploitation in government (which is currently limited, despite the considerable relevant knowledge developed in this area for the private sector), by developing and evaluating a framework for advanced and highly automated exploitation of multiple social media by government agencies. Furthermore, an evaluation methodology for such practices has been developed, which is based on sound theoretical foundations.

S. Arvanitis, E. Loukis, V. Diamantopoulou, The Effect of Soft ICT Capital on Innovation Performance of Greek Firms, Journal of Enterprise Information Management, Vol. 26, No. 6, pp. 679-701, 2013, Emerald, indexed in SCI-E, IF = 2.126
 

Abstract
Purpose – The purpose of this paper is to investigate the effects of four types of “soft” information and communication technologies (ICT) capital related to ICT knowledge and skills (ICT personnel, ICT training of ICT personnel and users, ICT unit) on the innovation performance of Greek firms. Furthermore, the paper compares these effects with the ones of the hard ICT capital and also of four important “traditional” innovation determinants identified from previous research in this area (demand expectation, price and non-price competition, market concentration). Design/methodology/approach – A quantitative methodology has been adopted for investigating the above effects, based on the estimation of regression models. Using data collected through a survey based on a structured questionnaire from 271 Greek firms, innovation models have been estimated, having as independent variables measures of hard ICT capital, the examined four types of soft ICT capital and also the above traditional innovation determinants. Findings – The paper has been concluded that in the innovation averse Greek national context the examined traditional innovation determinants have very low impact on firms’ innovation performance, however, on the contrary both hard ICT capital, and three out of the four examined types of soft ICT capital (ICT personnel, ICT training of ICT personnel and users) have positive impact on both process and product/services innovation. Furthermore, it has been found that the total effect of these three knowledge and skills related types of soft ICT capital on innovation performance is stronger than the effect of the hard ICT capital. Research limitations/implications – The main limitations of the paper are that it uses simple innovation performance measures (not distinguishing between different types of innovations), and also is based on firm-level data collected from a single country. The paper has interesting implications for future research on the impact of the relation between ICT and innovation, which should not any more neglect the soft ICT capital, but consider various types of both hard and soft ICT capital. Practical implications – The results of the paper can be useful to firms’ chief information officers and chief executive officers and also to consultants and practitioners interested in maximizing the exploitation of the innovation potential of ICT, in order to understand the hard and soft aspects of ICT that have to be developed for this purpose and optimize firms’ ICTrelated investment. Originality/value – The limited previous empirical literature concerning the effect of ICT on innovation focus on the hard ICT capital (mainly on ICT equipment) and neglect the role of the soft ICT capital. The paper contributes to fill this research gap, by examining the effects of three types of ICT capital, and also – for comparison and regression models’ completeness purposes – of hard ICT capital and of four traditional innovation determinants, on firms’ innovation performance.

S. Arvanitis, E. Loukis, V. Diamantopoulou, New Technologies and Traditional Innovation Determinants in the Greek Economy, Journal of Balkan and Near Eastern Studies, Vol. 15, No. 4, pp. 434–458, 2013, Taylor & Francis, Routledge, indexed in SCI-E, IF = 0.616
 

Abstract
It is widely recognized that the recent economic crisis in Greece is due not only to excessive government spending and tax evasion, but also to the low competitiveness of its economy. Innovation has become of critical importance for the competitiveness of firms, sectors and countries in the modern economy. This paper presents an empirical study of the ‘new’ innovation determinants based on information and communication technologies (ICT) and also of the ‘traditional’ innovation determinants in the Greek economy. In particular, it investigates the impact of three different ICT (internal information systems (IS), e-sales and e-procurements) and also of six important traditional innovation determinants identified by previous relevant research (four ‘external’ ones—demand expectation, price and non-price competition, market concentration—and two ‘internal’ ones—investment in research and development (R&D) and firm size), on the innovation performance of Greek firms. It is based on firm-level data collected through a survey of 271 Greek firms before the start of the economic crisis, which have been used for the estimation of regression models. It is concluded that in the Greek ‘innovation-averse’ national context (characterized by low level of innovation and uncertainty avoidance culture) none of the examined external (market-related) traditional innovation determinants has an impact on product or process innovation of firms, while on the contrary the internal ones, R&Dexpenditure per employee and size, affect positively both. Furthermore, the examined new technologies seem to be important drivers of innovation: it is concluded that the internal IS have a positive impact on both product and process innovation, the e-sales only on process innovation, but the e-procurement on none. Our results indicate the high potential of ICTas innovation drivers even in such innovation-averse and lower economic development contexts, which, however, vary between different types of ICT.

Επιστημονικά Συνέδρια (Conferences)


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


V. Diamantopoulou, C. Kalloniatis, C. Lyvas, K. Maliatsos, M. Gay, A. G. Kanatas, C. Lambrinoudakis, Aligning the Concepts of Risk, Security and Privacy towards the design of Secure Intelligent Transport Systems, SECPRE 2020 4th International Workshop on SECurity and Privacy Requirements, in conjunction with ESORICS 2020, J. Mylopoulos, C. Kalloniatis, (eds), Sep, 2020, online - covid-19, Springer LNCS, http://samosweb.aegean.gr/secpre2020/
 

Abstract
Intelligent Transport Systems (ITS) play a key role in our daily activities. ITS development over the last decades has been based on the rapid evolution of information technologies, which include processing capabilities, availability of hardware and communication technologies. Moreover, ITS use Information and Communication Technologies (ICT) to improve sustainability, efficiency, innovation and safety of transportation networks helping towards better management of transportation networks with the use of advanced technologies, which facilitate monitoring, and management of information. However, as the development of ITS services increases so does the users' awareness regarding the degree of trust that they show on adopting this kind of services. The later has brought to light several security and privacy concerns that ITS analysts should consider when implementing various IT related services. This paper moves into this direction by identifying how risk analysis can interact with security and privacy requirements engineering world, in order to provide a holistic approach for reasoning about security and privacy in such complex environments like ITS systems. The key contribution of the paper is the conceptual alignment of three well-known methods (EBIOS, Secure Tropos and PriS) as the fi rst step towards the design of a complete assurance framework that will assist analysts in designing safe and trustworthy ITS services.

[2]
V. Diamantopoulou, C. Kalloniatis, C. Kalyvas, K. Maliatsos, M. Gay, A. G. Kanatas, C. Lambrinoudakis, Aligning the Concepts of Risk, Security and Privacy towards the design of Secure Intelligent Transport Systems, SECPRE 2020 4th International Workshop on SECurity and Privacy Requirements, in conjunction with ESORICS 2020, Sep, 2020, on-line due to covid19,
V. Diamantopoulou, A. Tsohou, M. Karyda, From ISO/IEC 27002:2013 Information Security Controls to Personal Data Protection Controls: Guidelines for GDPR Compliance, SECPRE 2019 3rd International Workshop on SECurity and Privacy Requirements, in conjunction with ESORICS 2019 Engineering, J. Mylopoulos, C. Kalloniatis, (eds), Sep, 2019, Luxemburg, Springer LNCS, http://samosweb.aegean.gr/secpre2019/
 

Abstract
With the enforcement of the General Data Protection Regulation (GDPR) in EU, organisations must make adjustments in their business processes and apply appropriate technical and organisational measures to ensure the protection of the personal data they process. Further, organisations need to demonstrate compliance with GDPR. Organisational compliance demands a lot of effort both from a technical and from an organisational perspective. Nonetheless, organisations that have already applied ISO27k standards and employ an Information Security Management System and respective security controls need considerably less effort to comply with GDPR requirements. To this end, this paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended in order to adequately meet, if/where possible, the data protection requirements that the GDPR imposes. Thus, an organisation that already follows ISO/IEC 27001:2013, can use this work as a basis for compliance with the GDPR.

V. Diamantopoulou, A. Tsohou, M. Karyda, General Data Protection Regulation and ISO/IEC 27001:2013: Synergies of activities towards organisations, TrustBus 2019 16th International Conference on Trust, Privacy and Security in Digital Business, S. Katsikas, S. Gritzalis, E. R. Weippl, (eds), Aug, 2019, Linz, Austria, Springer LNCS, http://www.dexa.org/trustbus2019
 

Abstract
The General Data Protection Regulation that is already in effect for about a year now, provisions numerous adjustments and controls that need to be implemented by an organisation in order to be able to demonstrate that all the appropriate technical and organisational measures have been taken to ensure the protection of the personal data. Many of the requirements of the GDPR are also included in the ``ISO27k'' family of standards. Consequently, organisations that have applied ISO27k to develop an Information Security Management System (ISMS) are likely to have already accommodated many of the GDPR requirements. This work identifies synergies between the new Regulation and the well-established ISO/IEC 27001:2013 and proposes practices for their exploitation. The proposed alignment framework can be a solid basis for compliance, either for organisations that are already certified with ISO/IEC 27001:2013, or for others that pursue compliance with the Regulation and the ISO/IEC 27001:2013 to manage information security.

[5]
R. Meneses, R. Moraes, V. Diamantopoulou, I. Blanquer, Compliance of the privacy regulations in an international Europe-Brazil context, Position paper in Proceedings of the Cloudscape Brazil 2019, Using secure cloud and IT services into market innovation leadership, Jul, 2019, Belem, Brazil, https://eubrasilcloudforum.eu/en/cloudsc...
C. Alexopoulos, Z. Lachana, A. Androutsopoulou, V. Diamantopoulou, Y. Charalabidis, M. Loutsaris, How Machine Learning is changing e-Government, 12th International Conference on Theory and Practice of Electronic Governance (ICEGOV2019), Soumaya Ben Dhaou, Lemuria Carter, and Mark Gregory, (eds), (to_appear), Apr, 2019, Melbourne, Australia, ACM Press, http://www.icegov.org
 

Abstract
Big Data is, clearly, an integral part of modern information societies. A vast amount of data is, daily, produced and it is estimated that, for the years to come, this number will grow dramatically. In order for transforming this hidden provided information into a useful one, the use of advanced technologies, such as Machine Learning is deemed appropriate. Over the last years, Machine Learning has grown a great effort considering the given opportunities its usage provides. Furthermore, Machine Learning is a technology that can handle Big Data classification for statistical or even more complex purposes such as decision making. At the same time the new generation of government, Government 3.0, explores all the new opportunities to tackle any challenge faced by contemporary societies by utilizing new technologies for data driven decision making. Taking into account the opportunities Machine Learning can provide, more and more governments participate in the development of such applications in different governmental domains. But is the Machine Learning only beneficial for public sectors? Although there is a huge number of researches in the literature there is no a comprehensive study towards the analysis of this technology. Our research moves towards this question conducting a comprehensive analysis of the use of Machine Learning from Governments. Through the analysis all benefits and barriers are indicated from the public sectors' perspective pinpointing, also, a number of Machine Learning applications where governments are involved.

K. Moutselos, D. Kyriazis, V. Diamantopoulou, I. Maglogiannis, Trustworthy data processing for health analytics tasks, IEEE BigData 2018 Workshop, Dec, 2018, Seattle, WA, USA, IEEE Conference Publishing Services, http://cci.drexel.edu/bigdata/bigdata201...
 

Abstract
Big Data Analytics are indispensable components of architectures dealing with processing and visualizing results of diverse healthcare-related information sources. In this work, we propose a versatile cloud design where the Health Analytic Tools (HATs) are decoupled from the Datastore and the User-Interface parts, still preserving the element of system trust. This design offers advantages over the process of modifying and constructing new health policy models by means of supporting many-to-many relations between HATs and Health Key Performance Indicators. Additionally, it offers independence regarding HAT providers, analytics frameworks, cloud providers and deployment environments allowing the scaling of the proposed architecture.

V. Diamantopoulou, C. Mouratidis, Evaluating a Reference Architecture for Privacy Level Agreements Management, 12th Mediterranean Conference on Information Systems, Sep, 2018, Corfu, Greece, AIS, http://www.mcis2018.eu/
 

Abstract
With the enforcement of the General Data Protection Regulation and the compliance to specific privacy-and security-related principles, the adoption of Privacy by Design and Security by Design principles can be considered as a legal obligation for all organisations keeping EU citizens’ personal data. A formal way to support Data Controllers towards their compliance to the new regulation could be a Privacy Level Agreement (PLA), a mutual agreement of the privacy settings between a Data Controller and a Data Subject, that supports privacy management, by analysing privacy threats, vulnerabilities and Information Systems’ trust relationships. However, the concept of PLA has only been proposed on a theoretical level. In this paper, we propose a novel reference architecture to enable PLA management in practice, and we report on the application and evaluation of PLA management within the context of real-life case studies from two different domains, the public administration and the healthcare, where sensitive data is kept. The results are rather positive, indicating that the adoption of such an agreement promotes the transparency of an organisation while enhances data subjects’ trust. Keywords: Privacy Level Agreement, Security Requirements Engineering, Privacy Requirements Engineering, Practical Evaluation.

A. Pattakou, A. G. Mavroeidi, V. Diamantopoulou, C. Kalloniatis, S. Gritzalis, Towards the Design of Usable Privacy by Design Methodologies, ESPRE 2018 5th International Workshop on Evolving Security and Privacy Requirements Engineering (in conjunction with the RE'18 26th IEEE Requirements Enginneering Conference), K. Beckers, S. Faily, S.-W. Lee, N. Mead, (eds), Aug, 2018, Banff, Canada, IEEE CPS Conference Publishing Services, https://cybersecurity.bournemouth.ac.uk/...
 

Abstract
As privacy engineering gains much attention, recently literature records a number of methodologies that support software designers to model privacy – aware systems starting from the early stages of the software lifecycle until the late design stages prior to implementation. However, in order for these methodologies to be used and applied successfully from system engineers, it is important to be developed following a number of existing usability criteria for increasing designers’ acceptance and performance. In this paper, we, initially, identify the set of usability criteria presented in the respective literature and examine how the existing privacy requirement engineering methodologies conform with these usability criteria. The results show that most methodologies conform with a number of criteria but still there are opportunities for further improvements.

L. Balby, F. Figueiredo, N. Antunes, V. Diamantopoulou, W. Meira, Fairness and Transparency in Trustworthy Cloud-based Analytics Services, Position paper in Proceedings of the Cloudscape Brazil 2018, Trusted Technologies for strong and competitive economies, Jul, 2018, Natal, Brazil, https://eubrasilcloudforum.eu/en/cloudsc...
I. Blanqer, F. Brazileiro, D. Ardagna, A. Brito, A. Calatrava, A. Carvalho, V. Diamantopoulou, C. Fetzer, W. Meira, R. Moraes, How much can I trust my cloud services, Position paper in Proceedings of the Cloudscape Brazil 2018, Trusted Technologies for strong and competitive economies, Jul, 2018, Natal, Brazil, https://eubrasilcloudforum.eu/en/cloudsc...
V. Diamantopoulou, A. Androutsopoulou, S. Gritzalis, Y. Charalabidis, An Assessment of Privacy Preservation in Crowdsourcing Approaches: Towards GDPR Compliance, IEEE RCIS 12nd International Conference on Research Challenges in Information Science, B. Le Grand, (ed), pp. 1-9, May, 2018, Nantes, France, IEEE Conference Publishing Services, https://ieeexplore.ieee.org/abstract/doc...
 

Abstract
The increasing use of Social Media has transformed them into valuable tools, able to provide answers and decision support in public policy formulation. This has resulted in the emergence of new e-participation paradigms, such as crowdsourcing approaches, aiming to drive more constructive interactions between governments and citizens or experts, in order to exploit their knowledge, opinions, and ideas when tackling complex societal problems. However, the continuous exposure of the average users, without or with limited awareness of the dangers of the disclosure of sensitive data, remains a threat to the preservation of their information privacy. The upcoming EU regulation (GDPR) about the protection of personal data is especially well timed, and forces for revision of the processes followed related to the manipulation of personal data within public participation methods. Towards this direction, a thorough examination of three advanced methods of crowdsourcing in public policy-making processes is conducted in the current paper, analysing the data collection and processing methods they encompass. Then, an assessment of their compliance with fundamental privacy requirements is presented. The research contributes to the identification of challenges that crowdsourcing, and in general, e-participation approaches impose with regard to privacy protection. Further research directions include the implementation of techniques that can satisfy the identified requirements.

V. Diamantopoulou, K. Angelopoulos, M. Pavlidis, C. Mouratidis, A Metamodel for GDPR-based Privacy Level Agreements, ER Forum 2017 36th International Conference on Conceptual Modeling, Nov, 2017, Valencia, Spain, CEUR LNCS, http://ceur-ws.org/Vol-1979/#paper-08
 

Abstract
The adoption of the General Data Protection Regulation (GDPR) is a major concern for data controllers of the public and private sector, as they are obliged to conform to the new principles and requirements managing personal data. In this paper, we propose that the data controllers adopt the concept of the Privacy Level Agreement. We present a metamodel for PLAs to support privacy management, based on analysis of privacy threats, vulnerabilities and trust relationships in their Information Systems, whilst complying with laws and regulations, and we illustrate the relevance of the metamodel with the GDPR.

C. Alexopoulos, V. Diamantopoulou, Y. Charalabidis, The Evolutionary track of OGD portals: A Maturity Model, Proceedings of the IFIP EGOV-EPART 2017 Conference, Sep, 2017, St Petersburg, Russia, Springer LNCS
 

Abstract
Since its inception, open government data (OGD) as a free re-useable object has attracted the interest of researchers and practitioners, civil servants, citizens and businesses for different reasons in each target group. This study was designed to aggregate the research outcomes and developments through the recent years towards illustrating the evolutionary path of OGD portals, by presenting an analysis of their characteristics in terms of a maturity model. A four-step methodology has been followed in order to analyse the literature and construct the maturity model. The results point out the two greater dimensions of OGD portals, naming traditional and advanced evolving within three generations. The developed maturity model will guide policy makers by firstly identify the current level of their organisation and secondly design an efficient implementation to the required state.

K. Angelopoulos, V. Diamantopoulou, C. Mouratidis, M. Pavlidis, M. Salnitri, P. Giorgini, J.F. Ruiz, A Holistic Approach for Privacy Protection in E-Government, ARES Conference 2017 International Conference on Availability, Reliability and Security, M. Mühlhäuser, M. Fischer, Sep, 2017, Calabria, Italy, ACM, http://www.ares-conference.eu/
 

Abstract
Improving e-government services by using data more effectively is a major focus globally. It requires Public Administrations to be transparent, accountable and provide trustworthy services that improve citizen confidence. However, despite all the technological advantages on developing such services and analysing security and privacy concerns, the literature does not provide evidence of frameworks and platforms that enable privacy analysis, from multiple perspectives, and take into account citizens’ needs with regards to transparency and usage of citizens information. .is paper presents the VisiOn (Visual Privacy Management in User Centric Open Requirements) platform, an outcome of a H2020 European Project. Our objective is to enable Public Administrations to analyse privacy and security from different perspectives, including requirements, threats, trust and law compliance. Finally, our platform-supported approach introduces the concept of Privacy Level Agreement (PLA) which allows Public Administrations to customise their privacy policies based on the privacy preferences of each citizen.

V. Diamantopoulou, M. Pavlidis, C. Mouratidis, Evaluation of a Security and Privacy Requirements Methodology using the Physics of Notations, SECPRE 2017 1st International Workshop on SECurity and Privacy Requirements Engineering, J. Mylopoulos, C. Kalloniatis, (eds), Sep, 2017, Oslo, Norway, Springer LNCS, http://www.springer.com/us/book/97833197...
 

Abstract
Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably needs to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

V. Diamantopoulou, A. Tsohou, E. Loukis, S. Gritzalis, Does the Development of Information Systems Resources Lead to the Development of Information Security Resources? An Empirical Investigation, AMCIS 2017 23rd Americas Conference on Information Systems, Aug, 2017, Boston, USA, AIS, https://amcis2017.aisnet.org/
 

Abstract
Information Systems (IS) are nowadays considered the most important leverage for organizations to operate and gain a competitive advantage. Investments in IS technology, in the recruitment of high qualified IT personnel and the establishment of internal and external robust IT related partnerships are considered determinant factors for business success and continuity. As organizations increasingly rely on IS resources, they face more advanced IS security challenges. This paper explores the relationship between the development of IS resources and security resources; are organizations willing to invest more in IS security resources as they invest more on IS resources? The authors conduct an empirical investigation in organizations located in five Mediterranean countries. The sample includes responses from 61 CEOs, information security managers and IS managers. The results reveal that IS resources positively affect the IS security resources. The human capital plays the most important role for the adoption of IS security.

V. Diamantopoulou, M. Pavlidis, C. Mouratidis, Privacy Level Agreements for Public Administration Information Systems, Proceedings of the CAiSE Forum 2017 29th International Conference on Advanced Information Systems Engineering, X. Franh, J. Ralyté, R. Matulevičius, C. Salinesi, and R. Wieringa, (eds), pp. 97-104, Jun, 2017, Essen, Germany, CEUR LNCS
 

Abstract
Improving Public Administration (PA) operations and services is a major focus globally; they should be transparent, accountable and provide services that improve citizens' confidence and trust. In this context, it is important that PAs have the ability to define agreements between citizens and PAs and that such agreements can be used in the context of PAs Information Systems to specify citizens' privacy needs, provide feedback on data sharing and enable PA departments to analyse privacy threats and vulnerabilities, compliance with laws and regulations and analyse trust relationships. We propose the use of the concept of Privacy Level Agreement (PLA) to address the aforementioned issues. The PLA is formally specified, based on an XML schema, which enables its automated use.

V. Diamantopoulou, K. Angelopoulos, J. Flake, A. Praitano, J.F. Ruiz, J. Jürjens, M. Pavlidis, D. Bonutto, A. Castillo Sanz , C. Mouratidis, Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain, Proceedings of the APF2017 ENISA Annual Privacy Forum, E. Schweighofer, H. Leitold, A. Mitrakas, K. Rannenberg, (eds), pp. 192-209, Jun, 2017, Vienna, Austria, Springer LNCS, https://link.springer.com/book/10.1007%2...
 

Abstract
Development of Information Systems that ensure privacy is a challenging task that spans various fields such as technology, law and policy. Reports of recent privacy infringements indicate that we are far from not only achieving privacy but also from applying Privacy by Design principles. This is due to lack of holistic methods and tools which should enable to understand privacy issues, incorporate appropriate privacy controls during design-time and create and enforce a privacy policy during run-time. To address these issues, we present VisiOn Privacy Platform which provides holistic privacy management throughout the whole information system lifecycle. It contains a privacy aware process that is supported by a software platform and enables Data Controllers to ensure privacy and Data Subjects to gain control of their data, by participating in the privacy policy formulation. A case study from the healthcare domain is used to demonstrate the platform's benefits.

V. Diamantopoulou, C. Kalloniatis, S. Gritzalis, C. Mouratidis, Supporting Privacy by Design using Privacy Process Patterns, IFIP SEC 2017 32nd IFIP International Information Security Conference, S. De Capitani di Vimercati, F. Martinelli, (eds), pp. 491-505, May, 2017, Rome, Italy, Springer LNCS, https://link.springer.com/chapter/10.100...
 

Abstract
Advances in Information and Communication Technology (ICT) have had significant impact on every-day life and have allowed us to share, store and manipulate information easily and at any time. On the other hand, such situation also raises important privacy concerns. To deal with such concerns, the literature has identified the need to introduce a Privacy by Design (PbD) approach to support the elicitation and analysis of privacy requirements and their implementation through appropriate Privacy Enhancing Technologies. However, and despite all the work presented in the literature, there is still a gap between privacy design and implementation. This paper presents a set of Privacy Process Patterns that can be used to bridge that gap. To demonstrate the practical application of such patterns, we instantiate them in JavaScript Object Notation (JSON), we use them in conjunction with the Privacy Safeguard (PriS) methodology and we apply them to a real case study.

V. Diamantopoulou, M. Pavlidis, Visual Privacy Management in User Centric Open Environments, Proceedings of the IEEE RCIS 2017 11th International Conference on Research Challenges in Information Science, S. Assar, O. Pastor, H. Mouratidis, (eds), pp. 461-462, May, 2017, Brighton, UK, IEEE Press [Best Poster Award], http://sense-brighton.eu/rcis2017/
 

Abstract
In open and dynamic online services the exchange of information is demanded to be easy, simple and always available. However, potential users of online services are still reluctant to outsource sensitive data to these services, mainly due to lack of control over management and privacy issues of their data. This becomes more complex when dealing with Public Administrations (PAs) which handle data of citizens, where the latter are obliged, in many cases by law, to do so. This paper presents the VisiOn Privacy Platform, which analyses privacy preferences, and introduces the concept of the Privacy Level Agreement, capturing the PAs and citizens privacy requirements, thus supporting transparency and accountability for PAs.

V. Diamantopoulou, N. Argyropoulos, C. Kalloniatis, S. Gritzalis, Supporting the Design of Privacy-Aware Business Processes via Privacy Process Patterns, IEEE RCIS 2017 11th International Conference on Research Challenges in Information Science, S. Assar, O. Pastor, H. Mouratidis, (eds), pp. 187-198, May, 2017, Brighton, UK, IEEE CPS Conference Publishing Services, http://sense-brighton.eu/rcis2017/
 

Abstract
Privacy is an increasingly important concern for modern software systems which handle personal and sensitive user information. Privacy by design has been established in order to highlight the path to be followed during a system’s design phase ensuring the appropriate level of privacy for the information it handles. Nonetheless, transitioning between privacy concerns identified early during the system’s design phase, and privacy implementing technologies to satisfy such concerns at the later development stages, remains a challenge. In order to overcome this issue, mainly caused by the lack of privacy-related expertise of software systems engineers, this work proposes a series of privacy process patterns. The proposed patterns encapsulate expert knowledge and provide predefined solutions for the satisfaction of different types of privacy concerns. The patterns presented in this work are used as a component of an existing privacy-aware system design methodology, through which they are applied to a real life system.

Y. Charalabidis, C. Alexopoulos, V. Diamantopoulou, A. Androutsopoulou, An open data and open services repository for supporting citizen-driven application development for governance, Proceedings of the HICSS-49 2016 Hawaii International Conference on System Sciences, pp. 2596--2604, Jan, 2016, Koloa, Hawaii, USA, IEEE CPS Conference Publishing Services, http://ieeexplore.ieee.org/document/7427...
 

Abstract
Open data portals have been a primary source for publishing datasets from various sectors of administration, all over the world. However, making open data available does not necessarily lead to better utilisation from citizens and businesses. Our paper presents a new framework and a prototype system for supporting open application development by citizen communities, through gathering and making available open data and open web services sources from governmental actors, combined with an application development environment, training material and application examples.

V. Diamantopoulou, E. Loukis, Y. Charalabidis, Is Information Systems Interoperability an Innovation Driver? An Empirical Investigation, Proceedings of the EMCIS 2014 European, Mediterranean, and Middle Eastern Conference on Information Systems, Oct, 2014, Doha, Qatar, EMCIS
 

Abstract
Most of the research that has been conducted on the business value of information systems (IS) interoperability focuses mainly on the efficiency related benefits it can generate, but deals much less with its potential to drive innovations in firms’ products/services and processes. Our study contributes to filling this research gap by empirically investigating the effect of interoperability of firm’s IS (meant as compliance with various types of relevant standards) on firm’s innovation performance. It is based on a large dataset from 14.065 European firms (from 25 countries and 10 sectors), which has been collected through the e-Business W@tch Survey of the European Commission, and is used for estimating product/service and process innovation models. It has been concluded that IS interoperability has strong positive effects both on product/service and process innovation, which are weaker than the corresponding effects of the degree of development of firms’ IS, but stronger than the effects of the degree of functional development of firm’s e-Sales IS; also they are stronger than the corresponding effects of R&D and competition (regarded as important innovation drivers according to previous literature). Finally, a comparison among different types of IS interoperability standards shows that their positive effects on firms’ innovation activity differ, with the industry-specific and the XML-horizontal standards having stronger effects of similar magnitudes, while the proprietary standards have weaker ones.

Y. Charalabidis, E. Loukis, L. Spiliotopoulou, V. Diamantopoulou, A Framework for Utilizing Web 2.0 Social Media for Participative Governance, Proceedings of the EMCIS 2013 European, Mediterranean, and Middle Eastern Conference on Information Systems, A. Ghoneim, M. Kamal , (eds), Oct, 2013, Windsor, UK, EMCIS
 

Abstract
The Web 2.0 social media have been initially exploited by private sector firms, in order to support mainly their marketing and customer relations functions, and there has been considerable research for developing frameworks and practices for the effective utilization of these new communication media in the private sector. Government started exploiting the high capabilities and popularity of the social media much later, so there has been much less research concerning their effective utilization by government agencies. This paper contributes to filling this research gap, presenting a novel framework for the effective utilization of the Web 2.0 social media by government agencies for promoting participative governance and applying crowdsourcing ideas. It is based on the centralised automated publishing of content and micro-applications to multiple Web 2.0 social media, and then collection of citizens’ interactions (e.g. comments, ratings) with them, based on central platform that uses efficiently the application programming interfaces (APIs) of these social media. Finally, citizens’ interactions are processed in this central platform using a variety of techniques (web analytics, opinion mining, simulation modelling) in order to provide finally useful analytics that offer substantial support to government decision and policy makers. Furthermore, an application and an evaluation model for the proposed framework are described, as well as an extension of it that combines active/moderated and passive/non-moderated crowdsourcing.

E. Loukis, Y. Charalabidis, V. Diamantopoulou, The Effects of Information Systems Interoperability on Business Performance, Proceedings of the EMCIS 2013 European, Mediterranean, and Middle Eastern Conference on Information Systems, A. Ghoneim, M. Kamal , (eds), Oct, 2013, Windsor, UK, EMCIS
 

Abstract
Extensive investments are made for the development of various types of information systems (IS) interoperability technologies, and also for their implementation at firm level. This necessitates the systematic study of the business value that IS interoperability technologies generate. However, quite limited empirical research has been conducted on this. Our study contributes to filling this research gap by presenting an empirical study of the effect of the adoption of three types of IS interoperability standards (industry-specific, XML-horizontal and proprietary ones) on the business benefits firms gain from their information and communication technologies (ICT) infrastructures. It is based on a large dataset from 14.065 European firms (from 25 countries and 10 sectors) collected through the e-Business W@tch Survey of the European Commission. For all these three types of IS interoperability standards it has been concluded that their adoption for establishing IS interoperability with cooperating firms (suppliers, business partners, customers) increases the business benefits gained from firm’s ICT infrastructure, both the cost reduction and the sales growth related ones. A comparison among these three types of IS interoperability standards shows that their positive effects on the ICT business benefits differ, with the industry-specific standards having the strongest effects, which are of similar magnitude with the ones of the degree of development of firm’s internal IS (widely recognized as the main determinants of these benefits). Furthermore, we have found that the adoption of industry-specific standards is particularly important for realizing sales growth related benefits from firm’s ICT infrastructure.

S. Arvanitis, E. Loukis, V. Diamantopoulou, Are ICT, Workplace Organization and Human Capital Relevant for Innovation? A Comparative Study Based on Swiss and Greek Micro Data, 10th Annual International Industrial Organization Conference, pp. 32, May, 2013, Boston, USA,
 

Abstract
This paper examined the relationship between indicators for the intensity of use of ICT, several forms of workplace organization, and human capital and several measures of innovation performance at firm level in an innovation equation framework, in which was also controlled for standard innovation determinants such as demand, competition and firm size. The empirical part is based on data of Swiss and Greek firms. based on the same questionnaire for both countries and took place in 2005. This paper contributes to literature in three ways: first, it analyzes the three most important factors, i.e. information technology, organization, human capita, that are considered to be drivers of innovation performance in the last fifteen to twenty years in the same setting, it uses several innovation indicators that cover both the input and the output side of the innovation process and, third, it does the analysis in a comparative setting for two countries, Greece and Switzerland, with quite different levels of technological and economic development.

E. Loukis, S. Arvanitis, V. Diamantopoulou, An Empirical Investigation of the Effect of Hard and Soft ICT Investment on Innovation Performance of Greek Firms, Proceedings of the PCI 2012 16th Pan-Hellenic Conference on Informatics, Vergados D., Lambrinoudakis C. , (eds), pp. 31-36, Oct, 2012, Piraeus, Greece, IEEE CPS Conference Publishing Services
 

Abstract
Firms have been making big investments in information and communication technologies (ICT) in the last twenty years. Therefore the investigation of their effect on various aspects of business performance is necessary. This paper presents an empirical investigation and comparison of the effects of hard and soft ICT investment, and also of four ‘traditional’ innovation drivers (demand expectation, price and non-price competition, market concentration), on the innovation performance of Greek firms. In particular, we examine from this perspective four different types of soft ICT investment in ICT structures, personnel, skills and processes. Our results indicate that while in the innovation averse Greek national context none of the examined traditional innovation drivers have a statistically significant impact on the innovation performance of Greek firms, both hard ICT investment, and three of the examined types of soft ICT investment, have such positive impacts. Our results provide empirical evidence that both hard and soft ICT investment can be strong drivers of innovation, even in such innovation averse contexts, in which the classical innovation drivers do not affect innovation performance.

S. Arvanitis, E. Loukis, V. Diamantopoulou, Soft ICT and Innovation Performance – An Empirical Investigation, Proceedings of the EMCIS 2012 European, Mediterranean, and Middle Eastern Conference on Information Systems, A. Ghoneim, R. Klischewski, H. Schrödl, M. Kamal , (eds), pp. 426-440, Jun, 2012, Munich, Germany, EMCIS
 

Abstract
The limited number of previous empirical investigations of the effect of information and communication technologies (ICT) on innovation focus mainly on the ‘hard’ dimensions of ICT (i.e. firm’s ICT equipment). This paper presents an empirical investigation of the effect of five important ‘soft’ dimensions of ICT at firm level (ICT structure, personnel, skills, strategy, processes) on firm’s innovation performance (concerning both products/services and processes innovation). It is based on firm-level data collected through a survey of 271 Greek firms, which have been used for estimating regressions of product/service innovation and process innovation on measures of the hard ICT, the above five soft dimensions of ICT, and also four important ‘traditional’ innovation determinants identified from the long previous research in this area (demand expectation, price and non-price competition, market concentration). It is concluded that four of the examined soft dimensions of ICT (ICT personnel, skills, strategy and processes) have positive effects on firm’s innovation performance. Our results indicate that the soft dimensions of ICT at firm level are strong drivers of innovation, which increase considerably the positive contribution of ICT to firms’ innovation performance.

E. Loukis, Y. Charalabidis, V. Diamantopoulou, Different Digital Moderated and Non-Moderated Mechanisms for Public Participation, Proceedings of the EMCIS 2012 European, Mediterranean, and Middle Eastern Conference on Information Systems, Late Breaking Papers, A. Ghoneim, R. Klischewski, H. Schrödl, M. Kamal, (eds), pp. 63-73, Jun, 2012, Munich, Germany, EMCIS
 

Abstract
Several off-line mechanisms have been developed and applied for the participation of citizens in government policy making and services design. The increasing adoption of ICT, and especially the Internet, by individuals allows the development of a new generation of digital mechanisms for public participation (e-participation). The dominant digital mechanism has been in the last ten years the development of official e-participation websites by government agencies, which provide to the citizens information on government activities and also policies and services under formulation, and allow them to participate in relevant consultations in electronic fora. However, the effectiveness of this mechanism has been much lower than expectations. In this paper are presented three different digital mechanisms for public participation, which have been developed by the authors as part of European research projects. The first of them is based on the use of structured e-forum, in which citizens can enter only annotated postings according to a predefined discussion ontology. The second is based on the use of a central platform which can publish policy-related content and micro-applications to multiple social media simultaneously, and also collect and process data on citizens’ interaction with them (e.g. views, comments, ratings, votes, etc.). While the previous mechanisms were moderated by government, the third one – still under development as part of the European research project NOMAD - is non-moderated. It is based on the search by government agencies for content on a public policy under formulation, which has been created in numerous social media and other sources (e.g. blogs and micro-blogs, news sharing sites, online forums, etc.) by citizens freely, without any government initiation, stimulation or moderation, and the advanced processing of this content.

S. Arvanitis, E. Loukis, V. Diamantopoulou, Information Systems and Innovation in Greek Firms – An Empirical Investigation, Proceedings of the PCI 2011 15th Pan-Hellenic Conference on Informatics, N. Karanikolasν C. Douligeris, (eds), pp. 315-320 , Sep, 2011, Kastoria, Greece, IEEE CPS Conference Publishing Services
 

Abstract
There has been an extensive theoretical literature during the last 20 years supporting that information and communication technologies (ICT) have a huge potential to drive significant innovations in firms’ processes, products and services, which can result in big performance improvements. However, limited empirical investigation of this innovation potential of ICT has been conducted. This paper presents an empirical investigation of the impact of two widely used types of information systems (IS) (internal and e-sales ones), and also of four important ‘traditional’ innovation determinants (demand expectation, price and non-price competition, market concentration) for comparison purposes, on innovation in Greek firms. It has been concluded that in the ‘innovation averse’ Greek national context both these IS types have a strong positive impact on innovation, whilst this does not hold for any of the examined ‘traditional’ innovation determinants.

S. Arvanitis, E. Loukis, V. Diamantopoulou, The Impact of Different Types of ICT On Innovation Performance of Greek Firms, Proceedings of the EMCIS 2011 European, Mediterranean, and Middle Eastern Conference on Information Systems, A. Ghoneim, M. Themistocleous, D. Koufopoulos, M. Kamal , (eds), pp. 609-623, May, 2011, Athens, Greece, EMCIS
 

Abstract
It is widely recognised that innovation is of critical importance for the competitiveness and growth of firms, sectors and countries, so understanding its determinants is a critical research question. Beyond the ‘traditional’ innovation determinants identified by previous relevant research, there has been extensive theoretical literature on the potential of information and communication technologies (ICT) to drive innovation; however limited empirical investigation of it has been conducted. This paper presents an empirical investigation of the impact of three different ICT (internal information systems (IS), e-sales and e-procurements), and also - for comparison purposes – of four important ‘traditional’ innovation determinants (demand expectation, price and non-price competition, market concentration), on the innovation performance of Greek firms. It is based on firm-level data collected through a survey of 271 Greek firms. The results show that in the Greek ‘innovation averse’ national context (characterised by low level of innovation and uncertainly avoidance culture), though none of the examined ‘traditional’ innovation determinants has an impact on product and process innovation of firms, the internal IS have a strong positive impact on both product and process innovation, and the e-sales only on process innovation; on the contrary, e-procurement is not a driver of innovation. Our results indicate the high potential of ICT as innovation driver even in innovation averse contexts, which however varies between different types of ICT.

Βιβλία


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


[1]
E. Loukis, A. Andritsakis, V. Diamantopoulou, (eds), Ολοκληρωμένη Μηχανογραφική Υποστήριξη Επιχειρήσεων με SAP, 2009, Αθήνα, Εκδόσεις Νέων Τεχνολογιών

Κεφάλαια σε Βιβλία


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


[1]
M. Sideri, S. Gritzalis, V. Diamantopoulou, Data collection techniques used as mechanisms for citizens, chapter in: The Social Dimension of Sustainability, M. Kaila, (ed), 2020, Athens, Greece, Diadrasi Pubs (in Greek)
[2]
A. Praitano, L. Giovannetti, V. Diamantopoulou, M. Salnitri, An Introduction to Privacy, chapter in: Visual Privacy Management, M. Salnitri, J. Jürgens, H. Mouratidis, L. Mancini, P. Giorgini, (eds), pp. 1-21, 2020, Springer Cham, https://link.springer.com/book/10.1007/9...
[3]
M. Sideri, V. Diamantopoulou, S. Gritzalis, Privacy preservation in modern e-Participation environments: The Crowdsourcing case, chapter in: The Digital Future, G. Doukidis, (ed), pp. 297-306, 2019, Athens, Greece, Sideri Pubs. (in Greek)
E. Loukis, Y. Charalabidis, V. Diamantopoulou, The Multidimensional Business Value of Information Systems Interoperability, chapter in: Revolutionizing Enterprise Interoperability through Scientific Foundations, Lampathaki Fenareti, Jardim-Goncalves Ricardo , (eds), 2014, IGI Global – Business Science Reference
Y. Charalabidis, E. Loukis, V. Diamantopoulou, Υποστήριξη Διεργασιών Διαμόρφωσης Δημόσιων Πολιτικών με Χρήση Κοινωνικών Μέσων, chapter in: Συνεργατικό Δίκτυο και Κοινωνία, Ι. Αποστολάκης, (ed), 2011, Εκδόσεις Παπαζήση

Επιμέλεια Πρακτικών Διεθνών Συνεδρίων


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.