SlideShare a Scribd company logo

NIST Privacy Engineering Working Group - Risk Model

David Sweigert
David Sweigert

NIST Privacy Engineering Working Group Risk Model presentation Posted as a courtesy by: Dave Sweigert, PMP, CISSP, Security+

Technology
1 of 31
Privacy Engineering Objectives and Risk Model- Discussion Deck Objective-Based Design for Improving Privacy in Information Systems
Purpose and Scope • This discussion deck describes initial draft components of privacy engineering developed from the output of NIST’s first Privacy Engineering Workshop, April 9-10, 2014. It does not address a complete privacy risk management framework. • The draft components include a definition for privacy engineering, a set of privacy engineering objectives and a system privacy risk model. This deck will be used to facilitate discussions at the second Privacy Engineering Workshop on September 15-16, 2014 in San Jose, CA. • The privacy engineering objectives and risk model are primarily focused on mitigating risks arising from unanticipated consequences of normal system behavior. Risks to privacy arising from malicious actors or attacks can continue to be mitigated by following standard security principles.
Risk Model (Personal Information + Data Actions + Context = System Privacy Risk) Controls (Derived from FIPPs, etc.) Objectives (Predictability, Manageability, Confidentiality) Metrics ModelPrivacy Risk Management Framework Privacy Engineering Components Policy (Law, Regulation, FIPPs, etc.) Risk Requirements System Evaluation SeptemberWorkshop
Privacy Engineering Privacy engineering is a collection of methods to support the mitigation of risks to individuals of loss of self-determination, loss of trust, discrimination and economic loss by providing predictability, manageability, and confidentiality of personal information within information systems.
Key Terms • Privacy Engineering Objectives: Outcome-based objectives that guide design requirements to achieve privacy-preserving information systems. • Data Lifecycle: The data actions an information system performs. • Data Actions: Normal information system operations that handle personal information. • Problematic Data Actions: Problematic data actions occur when the data actions of an information system contravene the objectives of predictability, manageability, or confidentiality. • Context: The circumstances surrounding a system’s collection, generation, processing, disclosure and retention of personal information.
Key Terms (con’t) Privacy Harms: Harms to individuals that result from problematic data actions. Harms can be grouped into four categories: • Loss of Self-Determination: The loss of an individual’s personal sovereignty or ability to freely make choices. This includes the harms of Loss of Autonomy, Exclusion, Loss of Liberty • Discrimination: The unfair or unequal treatment of individuals. This includes the harms of Stigmatization and Power Imbalance. • Loss of Trust: The breach of implicit or explicit expectations or agreements about the handling of personal information. • Economic Loss: Economic loss can include direct financial losses as the result of identity theft, as well as the failure to receive fair value in a transaction involving personal information.
Privacy Engineering Objectives Outcome-based objectives that guide design requirements to achieve privacy-preserving information systems.
Objectives Requirements Design Evaluation Criteria System Risk Analysis Testing
Predictability Enabling reliable assumptions about the rationale for the collection of personal information and other data actions to be taken with that personal information. Example Violation of Predictability Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Processing Aggregation Unanticipated Revelation Stigmatization, Power Imbalance, Loss of Trust, Loss of Autonomy
Manageability Providing the capability for authorized modification of personal information, including alteration, deletion, or selective disclosure of personal information. Example Violation of Manageability Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Disposal Normal Account Deletion Unwarranted Restriction Exclusion, Economic Loss, Loss of Trust
Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (NIST SP 800-53, rev 4) Example Violation of Confidentiality Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Retention Secure Storage Insecurity Economic Loss, Stigmatization
System Privacy Risk Model
Assessing System Privacy Risk • To understand the magnitude of privacy risk within an information system, the proposed model focuses on the risk or likelihood of problematic data actions occurring that could result in privacy harm to individuals. • A key distinction between privacy and security is that privacy harms may arise even though the system is performing data actions in accordance with its operational purpose. Moreover, these harms may be difficult to assess as they may occur externally to the system, and beyond the system owner's awareness. • Thus, the risk model concentrates on the risk of data actions becoming problematic which the system owner or designer can better recognize and control.
System Privacy Risk Equation System privacy risk is the risk of problematic data actions occurring Personal Information Collected or Generated + Data Actions Performed on that Information + Context = System Privacy Risk
Context “Context” means the circumstances surrounding a system’s collection, generation, processing, disclosure and retention of personal information.
Examples of Contextual Factors • The relationship between individuals and the organization that controls the system • The extent and frequency of direct interactions between an individual and the system • The nature and history of those interactions • The range of goods or services that the system offers, and such use by individuals • The types of personal information that is foreseeably necessary for the system to process or generate in order to provide the goods or services • The level of understanding that reasonable individuals would have of how the system processes the personal information that it contains • Information known by the system about the privacy preferences of individuals • The extent to which personal information under the control of the system is exposed to public view • General user experience with information technologies
Problematic Data Actions Problematic data actions occur when the data actions of an information system contravene the objectives of predictability, manageability, or confidentiality.
Appropriation: Personal information is used in ways that exceed an individual’s expectation or authorization Appropriation occurs when personal information is used in ways that an individual would object to or would have negotiated additional value for, absent an information asymmetry or other marketplace failure. Privacy harms that Appropriation can lead to include loss of trust, economic loss or power imbalance.
Distortion: The use or dissemination of inaccurate or misleadingly incomplete personal information Distortion can present users in an inaccurate, unflattering or disparaging manner, opening the door for discrimination harms or loss of liberty.
Induced Disclosure: Pressure to divulge personal information Induced disclosure can occur when users feel compelled to provide information disproportionate to the purpose or outcome of the transaction. Induced disclosure can include leveraging access or privilege to an essential (or perceived essential) service. It can lead to harms such as power imbalance or loss of autonomy.
Insecurity: Lapses in data security Lapses in data security can result in a loss of trust, as well as exposing individuals to economic loss, and stigmatization.
Surveillance: Tracking or monitoring of personal information that is disproportionate to the purpose or outcome of the service The difference between the data action of monitoring and the problematic data action of surveillance can be very narrow. Tracking user behavior, transactions or personal information may be conducted for operational purposes such as protection from cyber threats or to provide better services, but it becomes surveillance when it leads to harms such as power imbalance, loss of trust or loss of autonomy or liberty.
Unanticipated Revelation: Non-contextual use of data reveals or exposes an individual or facets of an individual in unexpected ways Unanticipated revelation can arise from aggregation and analysis of large and/or diverse data sets. Unanticipated revelation can give rise to stigmatization, power imbalance and loss of trust and autonomy.
Unwarranted Restriction: The improper denial of access or loss of privilege to personal information Unwarranted restriction to personal information includes not only blocking tangible access to personal information, but also limiting awareness of the existence of the information within the system or the uses of such information. Such restriction of access to systems or personal information stored within that system can result in harms such as exclusion, economic loss and loss of trust.
Privacy Harms Harms to individuals that result from problematic data actions.
Loss of Self-Determination Loss of autonomy: Loss of autonomy includes needless changes in behavior, including self-imposed restrictions on freedom of expression or assembly. Exclusion: Exclusion is the lack of knowledge about or access to personal information. When individuals do not know what information an entity collects or can make use of, or they do not have the opportunity to participate in such decision-making, it diminishes accountability as to whether the information is appropriate for the entity to possess or the information will be used in a fair or equitable manner. Loss of Liberty: Improper exposure to arrest or detainment. Even in democratic societies, incomplete or inaccurate information can lead to arrest, or improper exposure or use of information can contribute to instances of abuse of governmental power. More life- threatening situations can arise in non-democratic societies.
Discrimination Stigmatization: Personal information is linked to an actual identity in such a way as to create a stigma that can cause embarrassment and discrimination. Sensitive information such as health data or criminal records or merely accessing certain services such as food stamps or unemployment benefits may attach to individuals and be disclosed in unrelated contexts. Power Imbalance: Acquisition of personal information which creates an inappropriate power imbalance, or takes unfair advantage of or abuses a power imbalance between acquirer and the individual. For example, collection of attributes or analysis of behavior or transactions about individuals can lead to various forms of discrimination or disparate impact, including differential pricing or redlining.
Loss of Trust Loss of trust is the breach of implicit or explicit expectations or agreements about the handling of personal information. For example, the disclosure of personal or other sensitive data to an entity is accompanied by a number of expectations for how that data is used, secured, transmitted, shared, etc. Breaches can leave individuals leave individuals reluctant to engage in further transactions.
Economic Loss Economic loss can include direct financial losses as the result of identity theft, as well as the failure to receive fair value in a transaction involving personal information.
Illustrative Mapping of Privacy Engineering Objectives to Problematic Data Actions Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Predictability Collection Service Initiation Induced Disclosure Power Imbalance, Loss of Autonomy Processing Aggregation Unanticipated Revelation Stigmatization, Power Imbalance, Loss of Trust, Loss of Autonomy Processing System monitoring Surveillance Power Imbalance, Loss of Trust, Loss of Autonomy, Loss of Liberty Manageability Disclosure Authorized Attribute Sharing Distortion Stigmatization, Power Imbalance, Loss of Liberty Disposal Normal Account Deletion Unwarranted Restriction Exclusion, Economic Loss, Loss of Trust Confidentiality Use Authorized Use Appropriation Loss of Trust, Economic Loss, Power Imbalance Retention Secure Storage Insecurity Economic Loss, Stigmatization
Discussion Questions For discussion at the NIST Privacy Engineering Workshop on September 15-16, 2014: • Privacy Engineering (slide 4): Is this definition helpful? • Privacy Engineering Objectives (slides 8-10): Are these objectives actionable for organizations? Are there any gaps? • System Privacy Risk Model (slide 13): Is it constructive to focus on mitigating problematic data actions? • System Privacy Risk Equation (slide 14): Does this equation seem likely to be effective in identifying system privacy risks? If not, how should system privacy risk be identified? • Context (slide 16): Are these the right factors? Are there others? • Problematic Data Actions (slides 18-24): Are these actions functional? Are there additional ones that should be included? • Harms (slides 26-29): Are these harms relevant? Are there additional ones that should be included? Comments may also be sent to privacyeng@nist.gov until September 30, 2014.

Recommended

Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Together
myeaton
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
Daryl Conson
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Donald E. Hester
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Why your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity ProgramWhy your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity Program
PECB
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take next
Brian Pichman
 

Recommended

Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Together
myeaton
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
Daryl Conson
 
Chap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseChap5 2007 C I S A Review Course
Chap5 2007 C I S A Review CourseDesmond Devendran
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Donald E. Hester
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Why your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity ProgramWhy your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity Program
PECB
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take next
Brian Pichman
 
The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
Vincent O'Neil
 
CyberCoverage basics
CyberCoverage basicsCyberCoverage basics
CyberCoverage basics
Philip Eifert
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response Plan
Thomas Christopher Ty
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest Keynote
Globus
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
saurnou
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
- Mark - Fullbright
 
E1804012536
E1804012536E1804012536
E1804012536
IOSR Journals
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
Brian Matteson, CISSP CISA
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems
- Mark - Fullbright
 
Dlp notes
Dlp notesDlp notes
Dlp notes
anuepcet
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuillermo Remache
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
Satya P. Joshi
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Don Grauel
 
Liam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Liam Terblanche, CIO at Accsys - Physical vs Logical Access ControlLiam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Liam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Global Business Events
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William Tanenbaum
 
CISSP-WEB
CISSP-WEBCISSP-WEB
CISSP-WEBMEHMET FATIH YALDIZ
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
codka
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 

More Related Content

What's hot

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
Vincent O'Neil
 
CyberCoverage basics
CyberCoverage basicsCyberCoverage basics
CyberCoverage basics
Philip Eifert
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response Plan
Thomas Christopher Ty
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest Keynote
Globus
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
saurnou
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
- Mark - Fullbright
 
E1804012536
E1804012536E1804012536
E1804012536
IOSR Journals
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
Brian Matteson, CISSP CISA
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems
- Mark - Fullbright
 
Dlp notes
Dlp notesDlp notes
Dlp notes
anuepcet
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuillermo Remache
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
Satya P. Joshi
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Don Grauel
 
Liam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Liam Terblanche, CIO at Accsys - Physical vs Logical Access ControlLiam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Liam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Global Business Events
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William Tanenbaum
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
codka
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 

What's hot (20)

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
 
CyberCoverage basics
CyberCoverage basicsCyberCoverage basics
CyberCoverage basics
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response Plan
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest Keynote
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
E1804012536
E1804012536E1804012536
E1804012536
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems
 
Dlp notes
Dlp notesDlp notes
Dlp notes
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information Systems
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
 
Liam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Liam Terblanche, CIO at Accsys - Physical vs Logical Access ControlLiam Terblanche, CIO at Accsys - Physical vs Logical Access Control
Liam Terblanche, CIO at Accsys - Physical vs Logical Access Control
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challenges
 
William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015
 
CISSP-WEB
CISSP-WEBCISSP-WEB
CISSP-WEB
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 

Similar to NIST Privacy Engineering Working Group - Risk Model

Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 
week 7.pptx
week 7.pptxweek 7.pptx
week 7.pptx
StephenGwadi
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
shinydey
 
Dancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehDancyrityshy 1foundatioieh
Dancyrityshy 1foundatioieh
Anne Starr
 
The Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfThe Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdf
uzair
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in Database
Mentalist Akram
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
deepakbharathi16
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
dotco
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
Technocracy2
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
ThumilvannanSambanda
 
How to Protect your organization from within.pptx
How to Protect your organization from within.pptxHow to Protect your organization from within.pptx
How to Protect your organization from within.pptx
JosephMwakai
 
Confidential data management_key_concepts
Confidential data management_key_conceptsConfidential data management_key_concepts
Confidential data management_key_concepts
Micah Altman
 
IT system security principles practices
IT system security principles practicesIT system security principles practices
IT system security principles practices
gufranresearcher
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
Financial Poise
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
elvinchan
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
ams1ams11
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
ShubhraGoyal4
 
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Soumodeep Nanee Kundu
 
DPIA
DPIADPIA
DPIA
Martyn Ripley
 

Similar to NIST Privacy Engineering Working Group - Risk Model (20)

Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Information security background
Information security backgroundInformation security background
Information security background
 
week 7.pptx
week 7.pptxweek 7.pptx
week 7.pptx
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Dancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehDancyrityshy 1foundatioieh
Dancyrityshy 1foundatioieh
 
The Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfThe Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdf
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in Database
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptx
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
 
How to Protect your organization from within.pptx
How to Protect your organization from within.pptxHow to Protect your organization from within.pptx
How to Protect your organization from within.pptx
 
Confidential data management_key_concepts
Confidential data management_key_conceptsConfidential data management_key_concepts
Confidential data management_key_concepts
 
IT system security principles practices
IT system security principles practicesIT system security principles practices
IT system security principles practices
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
 
DPIA
DPIADPIA
DPIA
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
David Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
David Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
David Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
David Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
David Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
David Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
David Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
David Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
David Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
David Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
David Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
David Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
David Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 

Recently uploaded

When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

NIST Privacy Engineering Working Group - Risk Model

  • 1. Privacy Engineering Objectives and Risk Model- Discussion Deck Objective-Based Design for Improving Privacy in Information Systems
  • 2. Purpose and Scope • This discussion deck describes initial draft components of privacy engineering developed from the output of NIST’s first Privacy Engineering Workshop, April 9-10, 2014. It does not address a complete privacy risk management framework. • The draft components include a definition for privacy engineering, a set of privacy engineering objectives and a system privacy risk model. This deck will be used to facilitate discussions at the second Privacy Engineering Workshop on September 15-16, 2014 in San Jose, CA. • The privacy engineering objectives and risk model are primarily focused on mitigating risks arising from unanticipated consequences of normal system behavior. Risks to privacy arising from malicious actors or attacks can continue to be mitigated by following standard security principles.
  • 3. Risk Model (Personal Information + Data Actions + Context = System Privacy Risk) Controls (Derived from FIPPs, etc.) Objectives (Predictability, Manageability, Confidentiality) Metrics ModelPrivacy Risk Management Framework Privacy Engineering Components Policy (Law, Regulation, FIPPs, etc.) Risk Requirements System Evaluation SeptemberWorkshop
  • 4. Privacy Engineering Privacy engineering is a collection of methods to support the mitigation of risks to individuals of loss of self-determination, loss of trust, discrimination and economic loss by providing predictability, manageability, and confidentiality of personal information within information systems.
  • 5. Key Terms • Privacy Engineering Objectives: Outcome-based objectives that guide design requirements to achieve privacy-preserving information systems. • Data Lifecycle: The data actions an information system performs. • Data Actions: Normal information system operations that handle personal information. • Problematic Data Actions: Problematic data actions occur when the data actions of an information system contravene the objectives of predictability, manageability, or confidentiality. • Context: The circumstances surrounding a system’s collection, generation, processing, disclosure and retention of personal information.
  • 6. Key Terms (con’t) Privacy Harms: Harms to individuals that result from problematic data actions. Harms can be grouped into four categories: • Loss of Self-Determination: The loss of an individual’s personal sovereignty or ability to freely make choices. This includes the harms of Loss of Autonomy, Exclusion, Loss of Liberty • Discrimination: The unfair or unequal treatment of individuals. This includes the harms of Stigmatization and Power Imbalance. • Loss of Trust: The breach of implicit or explicit expectations or agreements about the handling of personal information. • Economic Loss: Economic loss can include direct financial losses as the result of identity theft, as well as the failure to receive fair value in a transaction involving personal information.
  • 7. Privacy Engineering Objectives Outcome-based objectives that guide design requirements to achieve privacy-preserving information systems.
  • 9. Predictability Enabling reliable assumptions about the rationale for the collection of personal information and other data actions to be taken with that personal information. Example Violation of Predictability Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Processing Aggregation Unanticipated Revelation Stigmatization, Power Imbalance, Loss of Trust, Loss of Autonomy
  • 10. Manageability Providing the capability for authorized modification of personal information, including alteration, deletion, or selective disclosure of personal information. Example Violation of Manageability Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Disposal Normal Account Deletion Unwarranted Restriction Exclusion, Economic Loss, Loss of Trust
  • 11. Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (NIST SP 800-53, rev 4) Example Violation of Confidentiality Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Retention Secure Storage Insecurity Economic Loss, Stigmatization
  • 13. Assessing System Privacy Risk • To understand the magnitude of privacy risk within an information system, the proposed model focuses on the risk or likelihood of problematic data actions occurring that could result in privacy harm to individuals. • A key distinction between privacy and security is that privacy harms may arise even though the system is performing data actions in accordance with its operational purpose. Moreover, these harms may be difficult to assess as they may occur externally to the system, and beyond the system owner's awareness. • Thus, the risk model concentrates on the risk of data actions becoming problematic which the system owner or designer can better recognize and control.
  • 14. System Privacy Risk Equation System privacy risk is the risk of problematic data actions occurring Personal Information Collected or Generated + Data Actions Performed on that Information + Context = System Privacy Risk
  • 15. Context “Context” means the circumstances surrounding a system’s collection, generation, processing, disclosure and retention of personal information.
  • 16. Examples of Contextual Factors • The relationship between individuals and the organization that controls the system • The extent and frequency of direct interactions between an individual and the system • The nature and history of those interactions • The range of goods or services that the system offers, and such use by individuals • The types of personal information that is foreseeably necessary for the system to process or generate in order to provide the goods or services • The level of understanding that reasonable individuals would have of how the system processes the personal information that it contains • Information known by the system about the privacy preferences of individuals • The extent to which personal information under the control of the system is exposed to public view • General user experience with information technologies
  • 17. Problematic Data Actions Problematic data actions occur when the data actions of an information system contravene the objectives of predictability, manageability, or confidentiality.
  • 18. Appropriation: Personal information is used in ways that exceed an individual’s expectation or authorization Appropriation occurs when personal information is used in ways that an individual would object to or would have negotiated additional value for, absent an information asymmetry or other marketplace failure. Privacy harms that Appropriation can lead to include loss of trust, economic loss or power imbalance.
  • 19. Distortion: The use or dissemination of inaccurate or misleadingly incomplete personal information Distortion can present users in an inaccurate, unflattering or disparaging manner, opening the door for discrimination harms or loss of liberty.
  • 20. Induced Disclosure: Pressure to divulge personal information Induced disclosure can occur when users feel compelled to provide information disproportionate to the purpose or outcome of the transaction. Induced disclosure can include leveraging access or privilege to an essential (or perceived essential) service. It can lead to harms such as power imbalance or loss of autonomy.
  • 21. Insecurity: Lapses in data security Lapses in data security can result in a loss of trust, as well as exposing individuals to economic loss, and stigmatization.
  • 22. Surveillance: Tracking or monitoring of personal information that is disproportionate to the purpose or outcome of the service The difference between the data action of monitoring and the problematic data action of surveillance can be very narrow. Tracking user behavior, transactions or personal information may be conducted for operational purposes such as protection from cyber threats or to provide better services, but it becomes surveillance when it leads to harms such as power imbalance, loss of trust or loss of autonomy or liberty.
  • 23. Unanticipated Revelation: Non-contextual use of data reveals or exposes an individual or facets of an individual in unexpected ways Unanticipated revelation can arise from aggregation and analysis of large and/or diverse data sets. Unanticipated revelation can give rise to stigmatization, power imbalance and loss of trust and autonomy.
  • 24. Unwarranted Restriction: The improper denial of access or loss of privilege to personal information Unwarranted restriction to personal information includes not only blocking tangible access to personal information, but also limiting awareness of the existence of the information within the system or the uses of such information. Such restriction of access to systems or personal information stored within that system can result in harms such as exclusion, economic loss and loss of trust.
  • 25. Privacy Harms Harms to individuals that result from problematic data actions.
  • 26. Loss of Self-Determination Loss of autonomy: Loss of autonomy includes needless changes in behavior, including self-imposed restrictions on freedom of expression or assembly. Exclusion: Exclusion is the lack of knowledge about or access to personal information. When individuals do not know what information an entity collects or can make use of, or they do not have the opportunity to participate in such decision-making, it diminishes accountability as to whether the information is appropriate for the entity to possess or the information will be used in a fair or equitable manner. Loss of Liberty: Improper exposure to arrest or detainment. Even in democratic societies, incomplete or inaccurate information can lead to arrest, or improper exposure or use of information can contribute to instances of abuse of governmental power. More life- threatening situations can arise in non-democratic societies.
  • 27. Discrimination Stigmatization: Personal information is linked to an actual identity in such a way as to create a stigma that can cause embarrassment and discrimination. Sensitive information such as health data or criminal records or merely accessing certain services such as food stamps or unemployment benefits may attach to individuals and be disclosed in unrelated contexts. Power Imbalance: Acquisition of personal information which creates an inappropriate power imbalance, or takes unfair advantage of or abuses a power imbalance between acquirer and the individual. For example, collection of attributes or analysis of behavior or transactions about individuals can lead to various forms of discrimination or disparate impact, including differential pricing or redlining.
  • 28. Loss of Trust Loss of trust is the breach of implicit or explicit expectations or agreements about the handling of personal information. For example, the disclosure of personal or other sensitive data to an entity is accompanied by a number of expectations for how that data is used, secured, transmitted, shared, etc. Breaches can leave individuals leave individuals reluctant to engage in further transactions.
  • 29. Economic Loss Economic loss can include direct financial losses as the result of identity theft, as well as the failure to receive fair value in a transaction involving personal information.
  • 30. Illustrative Mapping of Privacy Engineering Objectives to Problematic Data Actions Data Lifecycle Phase Normal Data Action Problematic Data Action Potential Harms Predictability Collection Service Initiation Induced Disclosure Power Imbalance, Loss of Autonomy Processing Aggregation Unanticipated Revelation Stigmatization, Power Imbalance, Loss of Trust, Loss of Autonomy Processing System monitoring Surveillance Power Imbalance, Loss of Trust, Loss of Autonomy, Loss of Liberty Manageability Disclosure Authorized Attribute Sharing Distortion Stigmatization, Power Imbalance, Loss of Liberty Disposal Normal Account Deletion Unwarranted Restriction Exclusion, Economic Loss, Loss of Trust Confidentiality Use Authorized Use Appropriation Loss of Trust, Economic Loss, Power Imbalance Retention Secure Storage Insecurity Economic Loss, Stigmatization
  • 31. Discussion Questions For discussion at the NIST Privacy Engineering Workshop on September 15-16, 2014: • Privacy Engineering (slide 4): Is this definition helpful? • Privacy Engineering Objectives (slides 8-10): Are these objectives actionable for organizations? Are there any gaps? • System Privacy Risk Model (slide 13): Is it constructive to focus on mitigating problematic data actions? • System Privacy Risk Equation (slide 14): Does this equation seem likely to be effective in identifying system privacy risks? If not, how should system privacy risk be identified? • Context (slide 16): Are these the right factors? Are there others? • Problematic Data Actions (slides 18-24): Are these actions functional? Are there additional ones that should be included? • Harms (slides 26-29): Are these harms relevant? Are there additional ones that should be included? Comments may also be sent to privacyeng@nist.gov until September 30, 2014.