Slide 1: Using Risk Management to Improve Privacy in Information Systems
Slide 2: Potential Problems for Individuals
• Loss of Autonomy
• Exclusion
• Loss of Self-Determination
• Loss of Liberty
• Loss of Trust
• Physical Harm
• Stigmatization
• Discrimination
• Economic Loss
• Power Imbalance
Slide 3: NIST Risk Management Framework for Cybersecurity
[Diagram: a cycle of Frame, Assess, Respond, Monitor]
Slide 4
[Diagram: roles (Senior Management, Product Manager, Engineer) connected to Governance, Objectives, Metrics, Requirements, Evaluation, Risk Assessment, Risk Model, System Design, Controls]
Slide 5: The Right Tool for the Job
Many current privacy approaches are some mixture of governance principles, requirements and controls.

USG FIPPs:
• Transparency
• Individual Participation
• Purpose Specification
• Data Minimization
• Use Limitation
• Data Quality and Integrity
• Security
• Accountability and Auditing

NIST SP 800-53, Appendix J:
• Authority and Purpose
• Accountability, Audit, and Risk Management
• Data Quality and Integrity
• Data Minimization and Retention
• Individual Participation and Redress
• Security
• Transparency
• Use Limitation
Slide 6: NIST Process
[Timeline]
• April 2014: Workshop 1
• Aug 2014: Draft Proposal for Objectives and Risk Model
• Sep 2014: Workshop 2
• 2015: NISTIR
Slide 7: Draft Privacy Engineering Objectives
• Design characteristics or properties of the system
• Support policy
• Support control mapping

Predictability is enabling reliable assumptions by individuals, owners, and operators about personal information and its processing by an information system.

Manageability is providing the capability for granular administration of personal information including alteration, deletion, and selective disclosure.

Obscurity is enabling the processing of personal information or events without association to individuals or devices beyond the operational requirements of the system.
Slide 8: Security Risk Equation
Security Risk = Vulnerability * Threat * Impact
Slide 9: Draft Privacy Risk Equation
Privacy Risk = Likelihood of a Problematic Data Action * Impact of a Problematic Data Action

Likelihood is a contextual analysis that a data action is likely to create a problem for a representative set of individuals.

Impact is an analysis of the costs should the problem for individuals occur.

Note: Contextual analysis is based on the data action performed by the system, the personal information being processed, and a set of contextual considerations.
Slide 10: Implementation
[Diagram: a cycle of Frame Business Objectives, Frame Org Privacy Governance, Assess System Design, Assess Privacy Risk, Design Privacy Controls, Monitor Change]

Slide 11: Implementing the Theory
[The same process cycle as slide 10]
Slide 12: Frame Business Objectives
Frame the business objectives for the system(s), including the organizational needs served.
• Describe the functionality of the system(s).
• Describe the business needs that the system(s) serve.
• Describe how the system will be marketed, with respect to any privacy-preserving functionality.
Slide 13: Frame Privacy Governance
Frame the organizational privacy governance by identifying privacy-related legal obligations, principles, organizational goals and other commitments.
• Legal Environment: Identify any privacy-related statutory, regulatory, contractual and/or other frameworks within which the system must operate.
• Identify any privacy-related principles or other commitments to which the organization adheres (FIPPs, Privacy by Design, etc.).
• Identify any privacy goals that are explicit or implicit in the organization's vision and/or mission.
• Identify any privacy-related policies or statements within the organization, or business unit.
Slide 14: Assess System Design – Data Actions
[Diagram: data-action map of the identity-proofing use case. Legend: Generation/Transformation, Retention/Logging, Disclosure/Transfer, Collection, Disposal. Entities: Individual (Cell-phone, Documents), OTP Provider, Social Media Site, Cloud Storage Provider, Data Store, ACME IDP, ACME User, Government Benefits Web Application, Third Party in-person identity proofing, Third-Party, Government, Govt. Storage; data actions numbered (1) through (9)]
Slide 15: Assess System Design – Context
Slide 16: Assess Privacy Risk
Slide 17: Assess Privacy Risk – Problem Prioritization Heat Map
[Heat map: Impact (0 to 50, in steps of 5) on the vertical axis against Likelihood (0 to 10) on the horizontal axis; problems labelled A through EE are plotted by their scores]
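The two Assess Privacy Risk slides give the draft equation and the prioritization heat map but no worked computation. The following Python is an added example, not NIST's code or a tool from the deck: it scores a few constructed problematic data actions with the slides' equation (Likelihood * Impact), ranks them, and places each one in a cell of the same likelihood (0 to 10) by impact (0 to 50) grid. The sample scores, the problem labels and the high/medium/low thresholds are assumptions for illustration; only the axes and the equation come from the slides.

```python
"""Privacy risk scoring and heat-map prioritization (added example, not NIST material).

Implements the deck's draft equation
    Privacy Risk = Likelihood of a Problematic Data Action * Impact of a Problematic Data Action
on the heat-map axes used in the deck: likelihood 0-10, impact 0-50.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

LIKELIHOOD_MAX = 10  # horizontal axis of the deck's heat map
IMPACT_MAX = 50      # vertical axis of the deck's heat map


@dataclass(frozen=True)
class ProblematicDataAction:
    """One potential problem for individuals, scored for a specific data action in context."""
    label: str         # letter plotted on the heat map (A, B, ... EE)
    data_action: str   # e.g. "collection", "retention/logging", "disclosure/transfer"
    problem: str       # one of the deck's potential problems for individuals
    likelihood: int    # contextual likelihood that the action creates the problem, 0-10
    impact: int        # cost to individuals should the problem occur, 0-50

    def __post_init__(self) -> None:
        # Reject scores outside the axes so a typo cannot silently skew the ranking.
        if not 0 <= self.likelihood <= LIKELIHOOD_MAX:
            raise ValueError(f"{self.label}: likelihood must be 0-{LIKELIHOOD_MAX}")
        if not 0 <= self.impact <= IMPACT_MAX:
            raise ValueError(f"{self.label}: impact must be 0-{IMPACT_MAX}")

    @property
    def risk(self) -> int:
        """Draft equation from the deck: Likelihood * Impact."""
        return self.likelihood * self.impact


def prioritize(actions: List[ProblematicDataAction]) -> List[ProblematicDataAction]:
    """Highest risk first; ties go to the higher impact, then the label, so the order is stable."""
    return sorted(actions, key=lambda a: (-a.risk, -a.impact, a.label))


def tier(action: ProblematicDataAction, high: int = 250, medium: int = 100) -> str:
    """Bucket a risk score. The thresholds are an assumption of this example, not NIST guidance."""
    if action.risk >= high:
        return "high"
    if action.risk >= medium:
        return "medium"
    return "low"


def heat_map(actions: List[ProblematicDataAction], cells: int = 5) -> Dict[Tuple[int, int], List[str]]:
    """Place labels on a cells x cells grid over the likelihood/impact axes.

    Keys are (likelihood_cell, impact_cell) with 0 at the low end, so the cell
    (cells-1, cells-1) holds the problems an analyst would look at first.
    """
    col_width = max(1, LIKELIHOOD_MAX // cells)
    row_height = max(1, IMPACT_MAX // cells)
    grid: Dict[Tuple[int, int], List[str]] = {}
    for a in actions:
        col = min(a.likelihood // col_width, cells - 1)
        row = min(a.impact // row_height, cells - 1)
        grid.setdefault((col, row), []).append(a.label)
    return grid


# Constructed sample scores for an identity-proofing scenario like the one in the deck.
SAMPLE_ACTIONS = [
    ProblematicDataAction("A", "collection", "Loss of Autonomy", 7, 40),
    ProblematicDataAction("B", "retention/logging", "Economic Loss", 3, 45),
    ProblematicDataAction("C", "disclosure/transfer", "Discrimination", 8, 15),
    ProblematicDataAction("D", "disposal", "Loss of Trust", 2, 10),
]


def report(actions: List[ProblematicDataAction] = SAMPLE_ACTIONS) -> List[str]:
    """One line per problem, in priority order, with its score and tier."""
    return [
        f"{rank}. {a.label} {a.data_action:<20} {a.problem:<18} "
        f"L={a.likelihood:>2} I={a.impact:>2} risk={a.risk:>3} {tier(a)}"
        for rank, a in enumerate(prioritize(actions), 1)
    ]


if __name__ == "__main__":
    print("\n".join(report()))
    for cell, labels in sorted(heat_map(SAMPLE_ACTIONS).items()):
        print(f"likelihood cell {cell[0]}, impact cell {cell[1]}: {labels}")
```

Running the module prints the ranked table and the occupied heat-map cells. Because likelihood is a contextual judgement (the deck ties it to the data action, the personal information processed and the contextual considerations), the scores would normally be revisited whenever the system design or its context changes, which is the role of the Monitor Change step in the process cycle.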
Slide 18: Resources
NIST Privacy Engineering Website: http://csrc.nist.gov/projects/privacy_engineering/index.html
Slide 19: Questions
Contact: Naomi Lefkovitz, naomi.lefkovitz@nist.gov