Abstract
IT service operations involve handling sensitive customer data, which gets logged into the system in the form of tickets describing the issues faced by customer. An authorized agent tasked with resolving a ticket may get exposed to sensitive customer information, which can lead to privacy breach, impacting the customer and potentially damaging the reputation of the organization. To address this issue, we propose a framework that minimizes sensitive data exposure to preserve privacy in IT service operations. Our framework quantifies the sensitive data misuse by an agent based on the information aggregated at their end. The sensitive data within ticket is masked and the flow of ticket is regulated to restrict the sensitive data aggregation. Additionally, we introduce a simulator, PESO (Privacy Enabled Service Operation), to study and demonstrate the implications of privacy settings on various service operation parameters.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Bai, X., Gopal, R., Nunez, M., Zhdanov, D.: A decision methodology for managing operational efficiency and information disclosure risk in healthcare processes. Decis. Support Syst. 57, 406–416 (2014). https://doi.org/10.1016/j.dss.2012.10.046
Benitez, K., Malin, B.: Evaluating re-identification risks with respect to the HIPAA privacy rule. J. Am. Med. Inform. Assoc. 17(2), 169–177 (2010). https://doi.org/10.1136/jamia.2009.000026
De Capitani di Vimercati, S., Genovese, A., Livraga, G., Piuri, V., Scotti, F.: Chapter 57 - privacy and security in environmental monitoring systems: issues and solutions. In: Vacca, J.R. (ed.) Computer and Information Security Handbook (Third Edition), 3rd edn., pp. 823–841. Morgan Kaufmann, Boston (2013). https://doi.org/10.1016/B978-0-12-803843-7.00057-0
Fang, M., Sun, M., Li, Q., Gong, N.Z., Tian, J., Liu, J.: Data poisoning attacks and defenses to crowdsourcing systems. In: Proceedings of the Web Conference 2021, WWW 2021, pp. 969-980. Association for Computing Machinery, New York (2021) https://doi.org/10.1145/3442381.3450066
Gartner: IT service management platforms reviews and ratings (2024). https://www.gartner.com/reviews/market/it-service-management-platforms. Accessed 01 May 2024
Gupta, H.S., Sengupta, B.: Scheduling service tickets in shared delivery. In: Liu, C., Ludwig, H., Toumani, F., Yu, Q. (eds.) Service-Oriented Computing, pp. 79–95. Springer, Heidelberg (2012)
Harel, A., Shabtai, A., Rokach, L., Elovici, Y.: M-score: a misuseability weight measure. IEEE Trans. Dependable Secure Comput. 9(3), 414–428 (2012). https://doi.org/10.1109/TDSC.2012.17
Koo, M.: Technology won’t protect your data-humans must come first (2023). https://www.forbes.com/sites/forbestechcouncil/2023/03/30/technology-wont-protect-your-data-humans-must-come-first. Accessed 01 May 2024
Krishnan, M., Srinivasan, M.K., Mathews, C.A.: Agent score-based intelligent incident allocation engine. In: Fong, S., Dey, N., Joshi, A. (eds.) ICT Analysis and Applications, pp. 289–307. Springer, Singapore (2021)
Kumar, R., Gupta, R., Mondal, S., Gharote, M., Gauravaram, P., Lodha, S.: Privacy preservation in service operations by minimizing sensitive data exposure. In: 2024 21st Annual International Conference on Privacy, Security and Trust (PST) (2024). (in press)
Mansour, H.O., Siraj, M.M., Ghaleb, F.A., Saeed, F., Alkhammash, E.H., Maarof, M.A.: Quasi-identifier recognition algorithm for privacy preservation of cloud data based on risk reidentification. Wirel. Commun. Mob. Comput. 2021, 1–13 (2021)
Mondal, S., Gharote, M.S., Lodha, S.P.: Privacy of personal information: going incog in a goldfish bowl. Queue 20(3), 41–87 (2022). https://doi.org/10.1145/3546934
Phuke, N., Saurabh, S., Gharote, M., Lodha, S.: PETA: privacy enabled task allocation. In: 2020 IEEE International Conference on Services Computing (SCC), pp. 226–233 (2020). https://doi.org/10.1109/SCC49832.2020.00037
Silva, P., Gonçalves, C., Godinho, C., Antunes, N., Curado, M.: Using NLP and machine learning to detect data privacy violations. In: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 972–977 (2020). https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162683
Storchak, Y.: Insider threat statistics for 2024: reports, facts, actors, and costs (2024). https://www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures. Accessed 01 May 2024
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Gupta, R., Kumar, R., Mondal, S., Gharote, M., Lodha, S. (2025). Enabling Privacy in IT Service Operations. In: Patil, V.T., Krishnan, R., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2024. Lecture Notes in Computer Science, vol 15416. Springer, Cham. https://doi.org/10.1007/978-3-031-80020-7_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-80020-7_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-80019-1
Online ISBN: 978-3-031-80020-7
eBook Packages: Computer ScienceComputer Science (R0)