Using Risk Management to Improve Privacy in Information Systems

Upload: kristopher-hopkins

Post on 31-Dec-2015


Page 1: Using Risk Management to Improve Privacy in Information Systems 1

Using Risk Management to Improve Privacy in Information Systems

Page 2

Potential Problems for Individuals

• Loss of Self Determination
• Loss of Autonomy
• Exclusion
• Loss of Liberty
• Physical Harm
• Loss of Trust
• Discrimination
• Stigmatization
• Power Imbalance
• Economic Loss

Page 3

Frame

Assess

Respond

Monitor

Page 4

Senior Management

Product Manager

Engineer

Controls

Objectives

Metrics

Governance

Risk Model

Risk Assessment

Requirements

System Design

Evaluation

Page 5

The Right Tool for the Job

Many current privacy approaches are some mixture of governance principles, requirements and controls.

USG FIPPs

• Transparency
• Individual Participation
• Purpose Specification
• Data Minimization
• Use Limitation
• Data Quality and Integrity
• Security
• Accountability and Auditing

NIST SP 800-53, Appendix J

• Authority and Purpose
• Accountability, Audit, and Risk Management
• Data Quality and Integrity
• Data Minimization and Retention
• Individual Participation and Redress
• Security
• Transparency
• Use Limitation

Page 6

NIST Process

• Workshop 1: April 2014
• Draft Proposal for Objectives and Risk Model: Aug 2014
• Workshop 2: Sep 2014
• NISTIR: 2015

Page 7

Draft Privacy Engineering Objectives

• The objectives are characteristics or properties of the system.

• The objectives support policy.

• Part of broader risk management framework, including security, etc.

Predictability

Manageability

Unlinkability or Obscurity?

Page 8

Security Risk Equation

Security Risk = Vulnerability * Threat * Impact

Page 9

Identifying System Privacy Risk

Privacy Risk

Likelihood of Problematic Data Actions

Impact

Personal Information

Context

Data Actions

Page 10

• Frame Business Objectives
• Frame Org Privacy Governance
• Assess System Design
• Assess Privacy Risk
• Design Privacy Controls
• Monitor Change