Privacy audittalkfinal
•Download as PPT, PDF•
1 like•402 views
20 minute talk at the Annual Privacy Forum in Limassol on October 11, 2012
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (7)
Similar to Privacy audittalkfinal
Similar to Privacy audittalkfinal (20)
Privacy audittalkfinal
- 1. IBM Research - Haifa Conceptual Framework and Architecture for Privacy Audit Ksenya Kveler, Kirsten Bock, Pietro Colombo, Tamar Domany, Elena Ferrari, Alan Hartman IBM Haifa Research Laboratory – KK, TD, AH Unabhaengiges Landeszentrum fuer Datenschutz - KB University of Insubria – PC, EF © 2012 IBM Corporation
- 2. IBM Research - Haifa Agenda Motivation Tool Enhanced Audit Process Data Protection Goals Data Privacy Compliance Metrics Architecture For Privacy Audit © 2012 IBM Corporation
- 3. IBM Research - Haifa Motivation Many organizations collect a lot of private data Most of them want to comply with the law BUT The privacy protection laws are complex and heterogeneous Privacy compliance audits are expensive © 2011 IBM Corporation
- 4. IBM Research - Haifa Tool Enhanced Audit Process Stage 1: Determine targets of evaluation Based on data protection goals – rather than laws Analysis of data collection and storage processes Analysis of the types of data collected Stage 2: Design metrics Create a UML representation of the privacy requirements Map the processes and IT artifacts onto the model Derive metrics related to the DPG Stage 3: Build assessment tools Separate metric assessor plugins for each metric © 2011 IBM Corporation
- 5. IBM Research - Haifa Data Protection Goals Protection Measures Assessment and Finding of Protection Needs 1. Legal Balancing of Protection Goals 2. Protection Measures Catalogues 3. Scalability (normal, high, very high) Data Protection Goals Intervenability Legal Additional External Actors Relationships • Research (engineering, economics, social scienes) Unlinkability • Security Services • Regulators, BNA, Bureau of Standards Process owners = • Access-, Content-, IT-Provider Responsibilities Transparency Roles and Responsibilities Sub-Processsing Operative Support of DP by: Data (Data Center, Cloud Confidentiality IT-Provider, …) External Standards (e.g. ISO2910X), BSI/DSec-Audits Operator Provider Operative Support of DP by: Data (& formats) Data Protection Management System Integrity Metering Point Processes (& adresses) Operator Systems (& legal and Availability User Operative Support of DP by: technical interfaces) User Controlled Identity Management Key- Appl. Specific Admin. Aggregated Gateway … Processes © Rost Data Data Data Data Data © 2012 IBM Corporation
- 6. IBM Research - Haifa Data Privacy Compliance Metrics Privacy conceptual model defines a language for expressing privacy requirements Constraints on the model are weighted by the assessor, and associated with Data Protection Goals The system under assessment is mapped onto the privacy requirements model Metrics are derived from the weighted sum of constraints satisfied by the system under assessment 6 © 2012 IBM Corporation
- 7. IBM Research - Haifa Architecture for Data Privacy Audit 7 © 2012 IBM Corporation
- 8. IBM Research - Haifa Sample Audit Report © 2012 IBM Corporation
- 9. IBM Research - Haifa Main contributions Linkage between data protection goals and privacy compliance metrics Conceptual model for privacy requirements including a set of UML classes and constraints Extensible and transparent architecture for privacy compliance assessment tools © 2012 IBM Corporation
Editor's Notes
- The DPG cube allows for a standardized approach to data protection assessment. An Assessment requires precise knowledge of its target. The cube model allows to identify and determine all aspects and “players” relevant for a data protection assessment: the processes, roles and responsibilities and protection measures necessary to address the requirements of data protection represented by the six fundamental data protection goals. Using the protection goals allows a two-way check: To identify whether all and sufficient technical and organizational measures are taken that are required by data protection law and to determine whether all relevant processes have been identified. In doing so roles can be determined and responsibilities can be assigned which is essential for accountability. Yet, accountability (who is responsible for what?) is what is still missing in the majority of processing operations. In an assessment it is important to assess that there is a responsible entity for each and every operation.
- Privacy conceptual model is the meta-model of a modeling language for the privacy domain Privacy requirements are specified as logic predicates that 1) bind elements of this modeling language among them and 2) constrain their properties Logic components of existing applications are mapped to privacy domain conceptual elements The mapping results in a model which is an instance of the aforementioned meta-model Privacy metrics define compliance criteria of the mapped system to the reference requirements A privacy metric expresses a quantifiable similarity criterion of the expected system state with its actual state