TRANSCRIPT
1
Using Risk Management to Improve Privacy in Information Systems
2
Potential Problems for Individuals
Loss of Self-Determination: Loss of Autonomy, Exclusion, Loss of Liberty, Physical Harm
Loss of Trust
Discrimination: Stigmatization, Power Imbalance
Economic Loss
3
Frame, Assess, Respond, Monitor
Senior Management, Product Manager, Engineer
4
Governance, Risk Model, Risk Assessment, Requirements, System Design, Evaluation
Controls, Objectives, Metrics
The Right Tool for the Job
Many current privacy approaches are some mixture of governance principles, requirements and controls.
USG FIPPs: Transparency; Individual Participation; Purpose Specification; Data Minimization; Use Limitation; Data Quality and Integrity; Security; Accountability and Auditing
NIST SP 800-53, Appendix J: Authority and Purpose; Accountability, Audit, and Risk Management; Data Quality and Integrity; Data Minimization and Retention; Individual Participation and Redress; Security; Transparency; Use Limitation
6
NIST Process
Workshop 1: April 2014
Draft Proposal for Objectives and Risk Model: Aug 2014
Workshop 2: Sep 2014
NISTIR: 2015
7
Draft Privacy Engineering Objectives
• The objectives are characteristics or properties of the system.
• The objectives support policy.
• Part of broader risk management framework, including security, etc.
Predictability
Manageability
Unlinkability or Obscurity?
8
Security Risk Equation
Security Risk = Vulnerability * Threat * Impact
9
Identifying System Privacy Risk
Privacy Risk = Likelihood of Problematic Data Actions * Impact
Inputs: Personal Information, Context, Data Actions
Frame Business Objectives
Frame Org Privacy Governance
Assess System Design
Assess Privacy Risk
Design Privacy Controls
Monitor Change
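A worked computation of the privacy risk model (likelihood of a problematic data action times impact) run through the assess, respond and monitor steps above. This is an added example, not code from the presentation or from NIST; the 0..1 likelihood scale, the 1..5 severity scale per problem category, the worst-case aggregation of impact, the 2.0 control threshold and the three data actions are all assumptions constructed for illustration.

```python
"""Added example: privacy risk = likelihood of a problematic data action * impact.

All data actions, scores, the 1..5 severity scale, the worst-case impact
aggregation and the control threshold are assumptions for illustration,
not values from the presentation.
"""
from dataclasses import dataclass, field

# Problem categories for individuals (slide 2), used as impact dimensions.
PROBLEMS = (
    "loss_of_self_determination",
    "loss_of_trust",
    "discrimination",
    "economic_loss",
)


@dataclass
class DataAction:
    """One data action the system performs on personal information."""
    name: str                # e.g. "share"
    personal_info: str       # personal information the action touches
    context: str             # operational context that shapes likelihood
    likelihood: float        # 0..1: chance the action is problematic for individuals
    impact: dict = field(default_factory=dict)  # problem category -> severity 1..5


def validate(action):
    """Reject scores outside the assumed scales so bad input cannot hide a risk."""
    if not 0.0 <= action.likelihood <= 1.0:
        raise ValueError(f"{action.name}: likelihood must be in [0, 1]")
    for category, severity in action.impact.items():
        if category not in PROBLEMS:
            raise ValueError(f"{action.name}: unknown problem category {category!r}")
        if not 1 <= severity <= 5:
            raise ValueError(f"{action.name}: severity must be in [1, 5]")


def impact_score(action):
    """Worst-case severity across categories (assumption: one severe harm is not
    offset by several mild ones). Unscored actions have no impact."""
    return max(action.impact.values(), default=0)


def privacy_risk(action):
    """Likelihood of a problematic data action times its impact."""
    validate(action)
    return action.likelihood * impact_score(action)


def rank(actions):
    """Assess step: order data actions by risk, highest first."""
    return sorted(actions, key=privacy_risk, reverse=True)


def needs_control(action, threshold=2.0):
    """Respond step: flag actions at or above an assumed risk threshold for a control."""
    return privacy_risk(action) >= threshold


# Constructed sample data actions for one hypothetical system.
SAMPLE_ACTIONS = [
    DataAction("share", "precise location", "sent to third-party advertisers",
               likelihood=0.8, impact={"discrimination": 4, "loss_of_trust": 3}),
    DataAction("retain", "email address", "kept 5 years after account closure",
               likelihood=0.5, impact={"economic_loss": 2}),
    DataAction("collect", "name", "printed on a receipt the user requested",
               likelihood=0.1, impact={"loss_of_trust": 1}),
]


def assessment(actions=SAMPLE_ACTIONS):
    """Return (name, risk, needs_control) per action, highest risk first."""
    return [(a.name, round(privacy_risk(a), 2), needs_control(a)) for a in rank(actions)]


if __name__ == "__main__":
    for name, risk, flag in assessment():
        print(f"{name:8s} risk={risk:.2f} {'mitigate' if flag else 'accept'}")
```

Re-running assessment() after a context change (for example, the "share" action moving from advertisers to an in-house analytics team with a lower likelihood) is the monitor step: the ranking and the mitigate/accept decision are recomputed from the same model rather than edited by hand.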
11
Resources
NIST website: http://csrc.nist.gov/projects/privacy_engineering/index.html