Organizations use this data for analysis and for adjusting the operation of their services. However, they may also use it for purposes that could be considered controversial and potentially harmful to the user. To limit the misuse of user data, the European Union has adopted the GDPR, which defines how organizations store, process, and use the data they collect. In the Republic of Slovenia, the ZVOP-2 law was adopted on the basis of the GDPR. The work also presents an analysis of the ISO 27001 standard and NIST FIPS 199, which set requirements for ensuring system security. As an example of an information system, the work examines the LucamiMS application, which was developed within the project Monitoring and Improving Individual Student Counseling in COVID and Post-COVID Situations. All parts of the application and its architecture are presented, highlighting the components needed for its operation and those that affect data collection and storage. The work presents the technologies required to develop an application that collects data on individuals in the context of measuring mathematical anxiety, and it analyzes the articles of the law that apply to the development of such applications and to the data gathered in research on mathematical anxiety. In line with the ISO 27001 standard, the work defines a procedure for analyzing the security of the information system. It then presents a security assessment of the application for measuring mathematical anxiety and highlights its shortcomings. Finally, the work summarizes the key points raised during the security assessment of the data collection application.