Angelo Nicolosi  CNR ISPC

PRIVACY, SECURITY AND DATA PROTECTION IN AN ARCHAEOLOGICAL DATABASE

The present paper addresses the issue of cyber security in the management of a miscellaneous data archive accessible to an expert public in the field of archaeology. In particular, we refer to the case study of the outstanding coin treasure of Misurata (Libya), found in 1981 and consisting of ca. 108,000 “folles”, that is, bronze coins with a silver surface enrichment minted between 294 and 333 AD. The goal of the research project managed by Salvatore Garraffo, past head of the National Research Council Institute for Technologies applied to the Cultural Heritage, has been to study both the historical and the material data of the coins. To this end, we have developed an innovative information system called "Moneta": its main purpose is to record and manage even the miscellaneous data of the coins obtained through new portable instruments. Over many campaigns carried out in situ, the analyses yielded significant results in both the chemical and physical fields. The research, suspended in 2011 owing to the war in Libya that year and, to date, to the poor security conditions for an archaeological mission making use of cutting-edge technologies, has nevertheless allowed the computer recording of about 83,000 coins, some of which are of unpublished types. We have also analysed a significant number of coins belonging to all series, in order to trace the progress of the composition and identify the processing and minting techniques. The Moneta database is therefore still a very useful tool for accessing the descriptive information of the coin treasure, which we nevertheless monitor constantly in order to ensure secure access to our own data, as well as to those of the users authorized to consult it. Databases and their records are, in fact, among the major targets of crackers who take advantage of vulnerabilities in database-driven applications.
We refer above all to weak password policies, SQL injection and cross-site scripting attacks, improper error handling, and failure to comply with the European privacy legislation better known as the GDPR (General Data Protection Regulation), which came into force on 25 May 2018.