Cybersecurity

As organisations and individuals depend more and more on up-to-date information in all aspects of their existence, IT has become a strategic resource that needs to be protected and managed. New services and new ways of interaction using mobile and wearable devices, the mass deployment of online-connected devices (IoT), and the exposure of more critical systems to the Internet (for instance in the case of Smart Cities) pose serious threats to information security. New directions are emerging to ensure the confidentiality, integrity and availability of information, so that individuals, organisations and their systems (some of them critical) continue to operate flawlessly while facing risks that are important to understand and mitigate.

This research thread aims to investigate and study the threats to information security, and to design and propose new approaches and solutions to cope with some of those threats. Currently this thread is tackling the following specific topics:

  • security in the software engineering processes – how security-specific processes can be embedded in software engineering practices to deliver software products that have a high quality in terms of security;
  • web, mobile and wearable secure software development – specific security procedures to tackle existing threats in these platforms;
  • security in highly distributed systems – approaches for defining and implementing end-to-end security environments on distributed systems (for instance, on IoT-based ecosystems);
  • adaptable security architectures – security architectures based on distributed security services that can be orchestrated to implement specific security scenarios;
  • digital asset management for privacy protection – usage of rights management systems to implement security and privacy mechanisms that let users deploy privacy-enhanced scenarios for cloud and social network systems;
  • educational and knowledge e-IPR protection – usage of rights management systems to provide security and governance over knowledge-generated and educational content;
  • e-health security – applicability of rights management systems to protect PII (Personally Identifiable Information) on e-health systems;
  • cyber security situation awareness, information sharing and exchange, standards, data sources, metrics, risk analysis and cyber security decision aiding;
  • digital content filtering.

Keywords

Secure software development, Software Security Risks, Software Security Tests and Assurance, ISO 2700x, BSIMM, ODRL, MPEG-21, OSSTMM, Cyber security data sharing and exchange standards (e.g. CPE, CWE, CVE, CVSS), secure protocols, cryptography, intellectual property rights, privacy, decision analysis.
