privacy engineering objectives and risk model
play

Privacy Engineering Objectives and Risk Model Objective-Based - PowerPoint PPT Presentation

Dec 26, 2022 •216 likes •405 views

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

  1. Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1

  2. NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves public safety and commerce security B. Gardner 06photo Advances manufacturing and Improves quality, ensures services uniformity

  3. NIST Partnerships Industry Universities Nonprofits Government 3

  4. First Privacy Engineering Workshop Purpose: • Consider analogous models - Focus on objectives • Identify distinctions Key Outcomes: • Communication gap • Positive interest in a risk management model 4

  5. Model Privacy Risk Privacy Engineering Management Framework Components Policy Objectives September Workshop (Law, Regulation, FIPPs, etc.) Risk (Predictability, Manageability, Confidentiality) Assessment Risk Model (Personal Information + Data Actions + Context = System Privacy Risk) Requirements Controls (Derived from FIPPs, etc.) System Metrics Evaluation 5

  6. Scope Security Privacy 6

  7. Key Terms Problematic Data Privacy Engineering Actions Objectives Data Lifecycle Privacy Engineering Context Privacy Harms Data Actions 7

  8. Privacy Engineering Objectives Outcome-based objectives that guide design requirements to achieve privacy-preserving information systems. 8

  9. Objec&ves ¡ Risk ¡Analysis ¡ Requirements ¡ Evalua&on ¡Criteria ¡ Design ¡ Tes&ng ¡ System ¡ 9

  10. The Privacy Triad • The objectives are Predictability characteristics of the system, not role-based. Enabling reliable assumptions about the rationale for the collection of • The objectives support personal information and the data policy actions to be taken with that personal information. • Aligning the privacy and security overlap Confidentiality Manageability Preserving authorized restrictions on Providing the capability for authorized information access and disclosure, modification of personal information, including means for protecting including alteration, deletion, or personal privacy and proprietary selective disclosure of personal information. information. (NIST SP 800-53, rev 4) 10

  11. System Privacy Risk Model 11

  12. Security Risk Equation Security Risk = Vulnerability * Threat * Impact 12

  13. System Privacy Risk Equation System privacy risk is the risk of problematic data actions occurring Personal Information Collected or Generated * Data Actions Performed on that Information * Context = System Privacy Risk 13

  14. Context “Context” means the circumstances surrounding a system’s collection, generation, processing, disclosure and retention of personal information. 14

  15. Problematic Data Actions and Privacy Harms Distinguish data Validation of the actions that give rise objectives and the to harms and actual risk model harms Problematic Data Privacy Harms Actions 15

  16. Privacy Engineering Definition Privacy engineering is a collection of methods to support the mitigation of risks to individuals of loss of self- determination, loss of trust, discrimination and economic loss by providing predictability, manageability, and confidentiality of personal information within information systems. Information Security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. [44 U.S.C., SEC. 3542] 16

  17. Illustrative Mapping of Privacy Engineering Objectives to Problematic Data Actions Data ¡Lifecycle ¡Phase ¡ Normal ¡Data ¡Ac&on ¡ Problema&c ¡Data ¡Ac&on ¡ Poten&al ¡Harms ¡ Predictability ¡ Collec&on ¡ Service ¡Ini&a&on ¡ Induced ¡Disclosure ¡ Power ¡Imbalance, ¡Loss ¡of ¡Autonomy ¡ S&gma&za&on, ¡Power ¡Imbalance, ¡Loss ¡of ¡Trust, ¡ ¡ Processing ¡ Aggrega&on ¡ Unan&cipated ¡Revela&on ¡ Loss ¡of ¡Autonomy ¡ Power ¡Imbalance, ¡Loss ¡of ¡Trust, ¡Loss ¡of ¡Autonomy, ¡ ¡ Processing ¡ System ¡monitoring ¡ Surveillance ¡ Loss ¡of ¡Liberty ¡ Manageability ¡ Authorized ¡ADribute ¡ Disclosure ¡ Distor&on ¡ S&gma&za&on, ¡Power ¡Imbalance, ¡Loss ¡of ¡Liberty ¡ Sharing ¡ Normal ¡Account ¡ Exclusion, ¡Economic ¡Loss, ¡ ¡ Disposal ¡ Unwarranted ¡Restric&on ¡ Dele&on ¡ Loss ¡of ¡Trust ¡ Confiden&ality ¡ Use ¡ Authorized ¡Use ¡ Appropria&on ¡ Loss ¡of ¡Trust, ¡Economic ¡Loss, ¡Power ¡Imbalance ¡ Reten&on ¡ Secure ¡Storage ¡ Insecurity ¡ Economic ¡Loss, ¡S&gma&za&on ¡ 17

  18. What's Next? Webcast: 2:00pm, ET, October 2, 2014 Publish a NIST Interagency Report • Public comment period between draft and final versions Comments may be sent to privacyeng@nist.gov until October 15, 2014. 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Differen'al Privacy and Risk Ra'os: The seman'cs of privacy

Differen'al Privacy and Risk Ra'os: The seman'cs of privacy

Differen'al Privacy and Risk Ra'os: The seman'cs of privacy CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 5 : 590.03 Fall 16 1

345 views • 30 slides
EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone,

EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone,

EHR Privacy Risk Assessment Using Qualitative Methods Maria Madsen CQUniversity, Gladstone, Queensland EHR Privacy Risk Assessment A Systems Perspective Perform privacy risk Few people have Perform privacy risk Few people

356 views • 13 slides
REVERSE-ENGINEERING COUNTRY RISK RATINGS: A COMBINATORIAL NON-RECURSIVE MODEL Peter L. Hammer

REVERSE-ENGINEERING COUNTRY RISK RATINGS: A COMBINATORIAL NON-RECURSIVE MODEL Peter L. Hammer

REVERSE-ENGINEERING COUNTRY RISK RATINGS: A COMBINATORIAL NON-RECURSIVE MODEL Peter L. Hammer Alexander Kogan Miguel A. Lejeune Reverse-engineering Country Risk Ratings Importance of Country Risk Ratings Globalization Expansion and

767 views • 21 slides
ESTABLISHMENT Unit 6 Risk Assessment And Risk Response Lecture Objectives Todays objectives

ESTABLISHMENT Unit 6 Risk Assessment And Risk Response Lecture Objectives Todays objectives

SAFETY MANAGEMENT & SITE ESTABLISHMENT Unit 6 Risk Assessment And Risk Response Lecture Objectives Todays objectives are: A justification for risk assessment 5 steps to risk assessment Risk Assessment methods Compare and

764 views • 38 slides
Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to

Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to

Seductive myths about privacy Myth: The major privacy risk is from unauthorized access to information Myth: Privacy can be adequately protected by removing personally identifying information (PII) from records to be released. Myth:

504 views • 24 slides
PTP Risk Engineering Gilles Motet - January 16th, 2017

PTP Risk Engineering Gilles Motet - January 16th, 2017

17/01/2017 PTP Risk Engineering Gilles Motet - January 16th, 2017 http://www.safety-engineering.org/ Importance & Objectives Engineering is faced with 2 goals To take risks for innovation: new technologies (ex. Molecule,

315 views • 10 slides
When using a mathematical model, careful atuention must be given to uncertainties in the

When using a mathematical model, careful atuention must be given to uncertainties in the

Uncertainty in risk engineering: concepts Eric Marsden <eric.marsden@risk-engineering.org> When using a mathematical model, careful atuention must be given to uncertainties in the model. Richard Feynman Epistemic

606 views • 25 slides
Privacy Culture Universities & Colleges Anna Tersigni Phelan, Chief Privacy/Risk/HIM Meredith

Privacy Culture Universities & Colleges Anna Tersigni Phelan, Chief Privacy/Risk/HIM Meredith

Privacy Culture Universities & Colleges Anna Tersigni Phelan, Chief Privacy/Risk/HIM Meredith Gardiner, Director of Services, Regional Brooke Young, Manager, Police Services and Mental Health & Justice 1 Agenda Privacy and Mental

844 views • 50 slides
PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda

PET Semetary: Privacys return from the dead and the Future of Privacy Engineering Seda Grses CITP , Princeton University COSIC, University of Leuven getting privacy engineering right? getting privacy engineering right? software

471 views • 20 slides
2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of

2016 International Workshop on Privacy Engineering IWPE 16 Tools in support of privacy engineering methodologies Tools for privacy communications Aleecia M. McDonald, PhD Non-resident Fellow, Stanford Center for Internet &

902 views • 15 slides
Natural hazards Richard Sheild Provisions in this presentation Definitions of risk,

Natural hazards Richard Sheild Provisions in this presentation Definitions of risk,

Natural hazards Richard Sheild Provisions in this presentation Definitions of risk, risk-based approach, residual risk, hard engineering, soft engineering, high hazard areas, and hazard management strategy. Objectives O20, O21, and

312 views • 27 slides
Privacy Breach Risk and Insurance Vancouver Presentation 10 April 2014 Presented by Brian

Privacy Breach Risk and Insurance Vancouver Presentation 10 April 2014 Presented by Brian

Privacy Breach Risk and Insurance Vancouver Presentation 10 April 2014 Presented by Brian Rosenbaum LL.B National Director Aon Risk Solutions Financial Services Group Legal and Research Practice Aon Cyber and Privacy Group Agenda

313 views • 30 slides
Heuristic Search with Pre-Computed Databases Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Heuristic Search with Pre-Computed Databases Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Heuristic Search with Pre-Computed Databases Tsan-sheng Hsu tshsu@iis.sinica.edu.tw http://www.iis.sinica.edu.tw/~tshsu 1 Abstract Use pre-computed partial results to improve the efficiency of heuristic search. Introducing a new form of

602 views • 33 slides
INF5110 Compiler Construction Spring 2017 1 / 93 Outline 1. Grammars Introduction

INF5110 Compiler Construction Spring 2017 1 / 93 Outline 1. Grammars Introduction

INF5110 Compiler Construction Spring 2017 1 / 93 Outline 1. Grammars Introduction Context-free grammars and BNF notation Ambiguity Syntax diagrams Chomsky hierarchy Syntax of Tiny References 2 / 93 INF5110 Compiler Construction

1.31k views • 93 slides
McTiny: classic.mceliece.org McEliece for tiny network servers submission team (alphabetical):

McTiny: classic.mceliece.org McEliece for tiny network servers submission team (alphabetical):

1 2 McTiny: classic.mceliece.org McEliece for tiny network servers submission team (alphabetical): me; Daniel J. Bernstein, Tung Chou, osaka-u.ac.jp ; uic.edu , rub.de Tanja Lange, tue.nl ; Joint work with: Ingo von Maurich;

1.87k views • 162 slides
Applications of Deep Learning (Beyond Text & Images) Brian Mac Namee APPLICATIONS OF

Applications of Deep Learning (Beyond Text & Images) Brian Mac Namee APPLICATIONS OF

Applications of Deep Learning (Beyond Text & Images) Brian Mac Namee APPLICATIONS OF MACHINE LEARNING https://trends.google.com/trends/ https://xkcd.com/1425/ https://xkcd.com/1831/ artificial intelligence artificial intelligence

791 views • 60 slides
THE ART OF HOSTING Conversations that Matter September 18, 2018 POPULATION HEALTH INNOVATION LAB

THE ART OF HOSTING Conversations that Matter September 18, 2018 POPULATION HEALTH INNOVATION LAB

THE ART OF HOSTING Conversations that Matter September 18, 2018 POPULATION HEALTH INNOVATION LAB Welcome, Framing and Flow Provide an overview and background of Art of Hosting (AoH) training What does it mean to be a convener/host for

546 views • 15 slides
On reflection in linked data management George Fletcher Eindhoven University of Technology The

On reflection in linked data management George Fletcher Eindhoven University of Technology The

On reflection in linked data management George Fletcher Eindhoven University of Technology The Netherlands DESWeb 2014 Chicago 31 March 2014 reflection in linked data management linked data vision Towards a web of data, use standards in web

514 views • 30 slides
order IN THE AGE OF INNOCENCE JC1 JC2 reminders O U R F I N A L Tips and basics i. Study,

order IN THE AGE OF INNOCENCE JC1 JC2 reminders O U R F I N A L Tips and basics i. Study,

LITERATURE PAPER ONE REVISION LECTURE A HOUSE order IN THE AGE OF INNOCENCE JC1 JC2 reminders O U R F I N A L Tips and basics i. Study, remember, apply a range of methods but only pick out whats relevant. ii. Highlight, highlight

935 views • 37 slides
Dockerising Terrier for OSIRRC Arthur Cmara Craig Macdonald TU Delft University of Glasgow

Dockerising Terrier for OSIRRC Arthur Cmara Craig Macdonald TU Delft University of Glasgow

Dockerising Terrier for OSIRRC Arthur Cmara Craig Macdonald TU Delft University of Glasgow Terrier.org is a Java IR platform. Based on over 20 years of experience in TREC participations, it supports many TREC test collections One of the

643 views • 7 slides

More recommend