Privacy & Ethical Impact Assessment Workshop_RAMSES Project

•Download as PPTX, PDF•

0 likes•601 views

This document summarizes a workshop on privacy and ethical impact assessment for the RAMSES project. The RAMSES project aims to develop a platform for law enforcement agencies to facilitate digital forensic investigations by combining tools to extract, analyze, link, and interpret information from malware samples on the internet and dark web. The workshop covered conducting a privacy and ethical impact assessment process to identify risks and develop safeguards, including breakout sessions to discuss potential risks and solutions. Potential use cases that RAMSES could aid with were also discussed.

Technology

Privacy & Ethical Impact
Assessment Workshop
Anna Donovan, Trilateral Research Ltd
23 November 2017
Canterbury UK

The RAMSES project objective
 Design and develop a platform for Law Enforcement Agencies (LEAs) to facilitate
digital Forensic Investigations
 The system will extract, analyse, link and interpret information extracted from Internet
malware (ransomware & banking trojans)
 Achieved by:
 Combining intelligent software platform +
 Tools → scraping of public and deep web, detecting manipulation and steganalysis for
payments, extraction and analysis of malware samples, data analysis and visualisations
 Validated by:
 Validation pilots will take place in three different EU countries - Portugal, Belgium and
 Exploited through:
 Potential commercialisation – feasibility study for future adoption/ business models/ etc

P/EIA
 Systematic process for identifying and addressing ethical and privacy issues in an information
system
 It can be described as an early warning system that can help expose risks regarding the project
technology that is in development
 Should be conducted through the design & development cycle of a new tool or system
 Should include a consultation/ review by stakeholders
 Should be published to foster public trust and responsible innovation
*Wright, David and Paul de Hert, Privacy Impact Assessment, Springer, 2012

P/EIA process
Analyse user requirements, system architecture, map information flows
Identify privacy and ethical risks
Develop RAMSES specific safeguards – PbD
Consultation with stakeholders
Communicate these to design team and technical partners
RAMSES will have 2 iterations – design, development and pre-pilots

Breakout session 1: Risks
 Identified risks re: the platform & tools
 ways in which technical components and functionalities of the RAMSES platform may give rise to risks:
 privacy, data protection and ethical principles
 An assessment of the degree of risk and severity of impact. (although can be subjective)
 Intentionally focused on negative impacts (harm)
 The risks identified are not necessarily the only risks presented
 Brainstorm additional risks

Breakout session 2: Solutions & recommendations
 To emphasise privacy (including data protection) + ethical considerations throughout all stages of the project →
safeguards for privacy-by-design
 developed guidelines to be embedded in the design process and development of tech. eco system
 To the extent this does not hinder functionality
 direct response to the risks raised and the severity and likelihood of impact
 Strategies to eliminate, avoid, reduce or transfer the privacy risks:
 technical solutions, operational and/or organisational controls and/or communication strategies (e.g., to raise awareness).
 Primary aim is to ensure that the RAMSES technology respects the privacy and ethical values of citizens.
 Solutions identified are not necessarily the only ones
 Brainstorm additions solutions & recommendations

Breakout session 3: Use cases
 Ransomware infection
 Banking Trojan
 Malware-as-a-Service
 Keep in mind that throughout RAMSES will also aid with:
 Facilitation of communication between LEAs
 Sharing information about ongoing attacks (where LEAs choose to share it)
 Identification of ongoing / past campaigns
 Identification of clusters and central entities in spreading / selling / using malware

Thank you
 Anna Donovan
Trilateral Research Ltd
anna.donovan@trilateralresearch.com
 www.trilateralresearch.com
 www.ramses2020.eu

learn how to protect the data center from dangerous attacks including advanced malware, APTs, insider threats and DDoS. Leverage your existing network resources to: • Obtain in-depth visibility into the data center, including virtual systems • Quickly detect and address anomalies that could signify risks • Prevent devastating data loss • Improve incident response, forensics and compliance For more information visit www.lancope.com

Gilbert "NIST Privacy Framework Version 1.0"

National Information Standards Organization (NISO)

Presentation for Moscow groupuser9345

Capabilities of Cyber-Trerrorists - POTENTIAL ATTACKS - Possibility, Likelyho...

Cristian Driga

Unified Threat Management Solutions

Kelvin Charles

FirewallsShatha Al-mazrou

This research work x-rays the indispensability of continuous risk assessment on data and communication devices, to ensure that full business uptime is assured and to minimize, if not completely eradicate downtime caused by “unwanted elements of the society” ranging from hackers, invaders, network attackers to cyber terrorists. Considering high-cost of downtime and its huge business negative impact, it becomes extremely necessary and critical to proactively monitor, protect and defend your business and organization by ensuring prompt and regular Risk assessment of the data and communication devices which forms the digital walls of the organization. The work also briefly highlights the methodologies used, methodically discusses core risk assessment processes, common existing network architecture and its main vulnerabilities, proposed network architecture and its risk assessment integration(Proof), highlights the strengths of the proposed architecture in the face of present day business threats and opportunities and finally emphasizes importance of consistent communication and consultation of stakeholders and Original Equipment Manufacturers (OEMs)

Risk management planExecutive SummaryThe past.docx

SUBHI7

Risk management plan Executive Summary The past few decades have seen technological evolutions on a rapid scale with the growth of the industry taking over the world by storm. Governments and companies alike are investing in further research and development of futuristic technologies in order to work towards a more efficient future in terms of productivity and task automation. The evolution of computers and powerful technologies being made available to the public with them having high processing power and some being small, powerful and portable has led to people having information in their hands, literally. However, with the advantages of the recently introduced technologies, there still are threats brought about by the same since they have raised privacy and other security concerns as well as health concerns associated with a number of the devices. This paper is aimed at identification of strategies to handle risks which may arise from the continuous development of new technologies (Galati, 2015). Comment by Schneider, Paul: This is the only sentence in this summary which focuses on the paper, and it does a very poor job of previewing everything that the reader will see in this paper. Project Summary Scope Comment by Schneider, Paul: This section tells me nothing about the scope for your project. What are the task/activities needed to successfully complete your project? This report is important in analysis of the importance of information technologies being managed and security implemented since with their introduction, most companies have taken them up therefore the need to prevent attacks via technologies implemented. Critical processes in business are reliant to information technologies therefore need for safeguarding them against hacking attacks among other similar threats relating to information technologies. Milestones Comment by Schneider, Paul: This section tells me nothing about the milestones for your project. When does the project start? When does the project end? What are all of the milestones between the start & end? All businesses especially in a technologically growing and depend world need to learn the vulnerabilities posed by the developments as well as methods which can be used to control or curb them. Most companies have successfully put in place firewalls and administrators of networks to monitor, analyze and notify of irregularities which may cause a breach to sensitive company information. Cost Constraints Comment by Schneider, Paul: Very poor job. In implementation of security within information technologies, there are costs involved, some being one off and others being recurrent however all serving the same purpose. Costs inclusive in implementation of security protocols are such as purchase as hardware and software offering security such as firewalls, antiviruses, antimalware programs and programs for detection of network intrusions. Costs can also arise from contracting an external organization to ...

Prima presentationsorin2508

Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...

robbiesamuel

cau-3-asm-life-circle (1).docx

PhanHuuQuyBTECHN

Planning and Deploying an Effective Vulnerability Management Program

Sasha Nunke

This presentation covers the essential components of a successful Vulnerability Management program that allows you proactively identify risk to protect your network and critical business assets. Key take-aways: * Integrating the 3 critical factors - people, processes & technology * Saving time and money via automated tools * Anticipating and overcoming common Vulnerability Management roadblocks * Meeting security regulations and compliance requirements with Vulnerability Management

Workshop II on a Roadmap to Future Government

Samos2019Summit

In this session we proceed to presentations and discussion concerning the the development of the new roadmap for digital government. Two projects (Gov3.0 roadmap and Big Policy Canvas) will join forces in this exciting endeavor. Organizers: Maria Wimmer, Professor, Koblentz University, Germany; Francesco Mureddu, Associate Directorr, Lisbon Council, Belgium; Juliane Schmeling Fraunhofer Institut FOKUS, Researcher, Germany; Shoumaya Ben Dhaou, Researcher, United Nations University, PT

Phi 235 social media security users guide presentation

Alan Holyoke

Software Security in the Real WorldMark Curphey

Securing And Protecting Information

Laura Martin

INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa

A Process Based Approach To Business Risk Analysis The Royal Navy Experience

Scott Faria

Review on Computer Forensic

Editor IJCTER

Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules. As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.

Cybersecurity

Eng Hasan Shamroukh CISCO Exams Author

Risk Assessment Methodologies

Philippe A. R. Schaeffer

Review of Previous ETAP Forums - Deepak Maheshwari

vpnmentor

· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx

oswald1horne84988

· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S) A. The industry.- Tamara B. The company and the concept- Tamara C. The product(s) or service(s).- Tamara D. Entry and growth strategy.- Arturo · MARKET RESEARCH AND ANALYSIS A. Customers.- Richard B. Market size and trends.- Arturo C. Competition and competitive edges.- Arturo D. Estimated market share and sales.- Richard E. Ongoing market evaluation.- Richard · MARKETING PLAN A. Overall marketing strategy.- Ryan B. Pricing.- Ryan C. Sales tactics.- Ryan D. Service and warranty policies.- Ade E. Advertising and promotion.- Ade F. Distribution.- Ade Deadline sent to Team Fileshare due- Saturday of each week by 4p. Team Members in attendance- Ryan, Richard, Arturo, Tamara, Ade I. System Design Principles A network system is a collection of integrated components that works together, to achieve a common objective. A system design is a process of defining the system architecture, modules, interfaces, data, and components of a system, to a specified requirement. Design principles describe the procedures that software developers, system analyst, and system architect designers, create through the distribution of colors, texture, and the weight of objects. This union describes the use of assets, so that there is a structured and stable system design, including system appearance, and security against unauthorized access. Security design principles are essential when designing any system to make sure security and integrity is tamper proof. Various security design principles exist and designed by the system developer, listed below include security design principles: 1. The Principle of Least Privilege requires the system developers to limit user access rights to use specific tools and informatio n in a system, this privilege gives rights to access data and applications, only to special users, with limited access to other users. The orientation of this design principle limits the system from damaging attacks from users of the system; whether they are intentional or not, it also limits the changes or damages a user can make on the system, and it reduces interactions with the system. 2. Fail Safe Defaults Principle administered by the system developer in charge of security, and authorizes users, to access system resources, based on granted access, rather than exclusion; this design principle permits, the users, to access resources, if permission is granted. By default, the users do not have access, to system resources, until authorization is given. This design principle prevents unauthorized users, from viewing resources. (Dennis & Wixom, 2000) 3. Defense In-depth Principle is a concept used by system developers use security layers on system resources. This principle requires users to provide credentials when accessing a system resource. The security experts because of the operational results and effectivene.

RAMNSS_2016_service_porfolioRhys A. Mossom

Aging Services Expo Presentation

Mary Derrick Cook

Planning and Management of online PRDavid Phillips

Star II sme hotline 21.01.20

Trilateral Research

Designing Security Across Boundaries: mapping disperse data to collaborative...

Trilateral Research

Similar to Privacy & Ethical Impact Assessment Workshop_RAMSES Project

Risk Assessment: Approach to enhance Network Security

IJCSIS Research Publications

Risk management planExecutive SummaryThe past.docx

SUBHI7

Prima presentationsorin2508

Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...

robbiesamuel

cau-3-asm-life-circle (1).docx

PhanHuuQuyBTECHN

Planning and Deploying an Effective Vulnerability Management Program

Sasha Nunke

Workshop II on a Roadmap to Future Government

Samos2019Summit

Phi 235 social media security users guide presentation

Alan Holyoke

Software Security in the Real WorldMark Curphey

Securing And Protecting Information

Laura Martin

INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa

A Process Based Approach To Business Risk Analysis The Royal Navy Experience

Scott Faria

Review on Computer Forensic

Editor IJCTER

Cybersecurity

Eng Hasan Shamroukh CISCO Exams Author

Risk Assessment Methodologies

Philippe A. R. Schaeffer

Review of Previous ETAP Forums - Deepak Maheshwari

vpnmentor

· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx

oswald1horne84988

RAMNSS_2016_service_porfolioRhys A. Mossom

Aging Services Expo Presentation

Mary Derrick Cook

Planning and Management of online PRDavid Phillips

Similar to Privacy & Ethical Impact Assessment Workshop_RAMSES Project (20)

Risk Assessment: Approach to enhance Network Security

Risk management planExecutive SummaryThe past.docx

Prima presentation

Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...

cau-3-asm-life-circle (1).docx

Planning and Deploying an Effective Vulnerability Management Program

Workshop II on a Roadmap to Future Government

Phi 235 social media security users guide presentation

Software Security in the Real World

Securing And Protecting Information

INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM

A Process Based Approach To Business Risk Analysis The Royal Navy Experience

Review on Computer Forensic

Cybersecurity

Risk Assessment Methodologies

Review of Previous ETAP Forums - Deepak Maheshwari

· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx

RAMNSS_2016_service_porfolio

Aging Services Expo Presentation

Planning and Management of online PR

More from Trilateral Research

Star II sme hotline 21.01.20

Trilateral Research

Designing Security Across Boundaries: mapping disperse data to collaborative...

Trilateral Research

Privacy and Data Protection: Limits and Opportunities for Unmanned Aerial Pla...

Trilateral Research

Risky Borders: Designing togetherness using information technology for intero...

Trilateral Research

DroneRules Pro: Supporting GDPR compliance through privacy culture among dron...

Trilateral Research

Ethics and technology in humanitarian setting

Trilateral Research

Workshop on Ethical, Legal, social Issues in Networked Information Exchange f...

Trilateral Research

Technology for Human Trafficking and sexual exploitation - Trace Projects Fin...

Trilateral Research

Overview of CLARITY project

Trilateral Research

CLAIRTY is a European Commission-funded project. Its goals are to: - Mobilise stakeholders across the open government ecosystem, - To conduct a needs assessment and gap analysis to understand gaps in the market and support growth in innovative solutions for open eGoverment in Europe, - To work with stakeholders to develop a blueprint for the next steps to encourage the provision and responsible take-up of eGovernment applications to enhance accountability, transparency and trust in public sector services.

CRISP project: overview of findings and lessons learned.

Trilateral Research

Legal and ethical issues in social capital analysis

Trilateral Research

Examining End-User Standardisation Needs for Disaster Resilience

Trilateral Research

A stakeholder based approach to standardisation for disaster resilience

Trilateral Research

Evolving Technology - Delivering Neighbourhood Policing with a smaller workforce

Trilateral Research

Social Media and ICT in Neighbourhood Policing - Opportunities and Challanges

Trilateral Research

Social Media Analysis Tools for Preparedness and Disaster Risk Reduction

Trilateral Research

ENERGIC-OD @ GEO Business 2017 presentation

Trilateral Research

Esports in the UK - privacy risks

Trilateral Research

Enhancing ethics assessment in R&I at the national level

Trilateral Research

Methodologies for Addressing Privacy and Social Issues in Health Data: A Case...

Trilateral Research

More from Trilateral Research (20)

Star II sme hotline 21.01.20

Designing Security Across Boundaries: mapping disperse data to collaborative...

Privacy and Data Protection: Limits and Opportunities for Unmanned Aerial Pla...

Risky Borders: Designing togetherness using information technology for intero...

DroneRules Pro: Supporting GDPR compliance through privacy culture among dron...

Ethics and technology in humanitarian setting

Workshop on Ethical, Legal, social Issues in Networked Information Exchange f...

Technology for Human Trafficking and sexual exploitation - Trace Projects Fin...

Overview of CLARITY project

CRISP project: overview of findings and lessons learned.

Legal and ethical issues in social capital analysis

Examining End-User Standardisation Needs for Disaster Resilience

A stakeholder based approach to standardisation for disaster resilience

Evolving Technology - Delivering Neighbourhood Policing with a smaller workforce

Social Media and ICT in Neighbourhood Policing - Opportunities and Challanges

Social Media Analysis Tools for Preparedness and Disaster Risk Reduction

ENERGIC-OD @ GEO Business 2017 presentation

Esports in the UK - privacy risks

Enhancing ethics assessment in R&I at the national level

Methodologies for Addressing Privacy and Social Issues in Health Data: A Case...

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Microsoft - Power Platform_G.Aspiotis.pdf

Generative AI Deep Dive: Advancing from Proof of Concept to Production

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

UiPath Test Automation using UiPath Test Suite series, part 6

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

UiPath Test Automation using UiPath Test Suite series, part 5

Monitoring Java Application Security with JDK Tools and JFR Events

RESUME BUILDER APPLICATION Project for students

Climate Impact of Software Testing at Nordic Testing Days

PCI PIN Basics Webinar from the Controlcase Team

Video Streaming: Then, Now, and in the Future

20240609 QFM020 Irresponsible AI Reading List May 2024

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

The Art of the Pitch: WordPress Relationships and Sales

Large Language Model (LLM) and it’s Geospatial Applications

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Privacy & Ethical Impact Assessment Workshop_RAMSES Project

1. Privacy & Ethical Impact Assessment Workshop Anna Donovan, Trilateral Research Ltd 23 November 2017 Canterbury UK

2. CONSORTIUM COORDINATOR

3. The RAMSES project objective  Design and develop a platform for Law Enforcement Agencies (LEAs) to facilitate digital Forensic Investigations  The system will extract, analyse, link and interpret information extracted from Internet malware (ransomware & banking trojans)  Achieved by:  Combining intelligent software platform +  Tools → scraping of public and deep web, detecting manipulation and steganalysis for payments, extraction and analysis of malware samples, data analysis and visualisations  Validated by:  Validation pilots will take place in three different EU countries - Portugal, Belgium and  Exploited through:  Potential commercialisation – feasibility study for future adoption/ business models/ etc

4. P/EIA  Systematic process for identifying and addressing ethical and privacy issues in an information system  It can be described as an early warning system that can help expose risks regarding the project technology that is in development  Should be conducted through the design & development cycle of a new tool or system  Should include a consultation/ review by stakeholders  Should be published to foster public trust and responsible innovation *Wright, David and Paul de Hert, Privacy Impact Assessment, Springer, 2012

5. P/EIA process Analyse user requirements, system architecture, map information flows Identify privacy and ethical risks Develop RAMSES specific safeguards – PbD Consultation with stakeholders Communicate these to design team and technical partners RAMSES will have 2 iterations – design, development and pre-pilots

6. Breakout session 1: Risks  Identified risks re: the platform & tools  ways in which technical components and functionalities of the RAMSES platform may give rise to risks:  privacy, data protection and ethical principles  An assessment of the degree of risk and severity of impact. (although can be subjective)  Intentionally focused on negative impacts (harm)  The risks identified are not necessarily the only risks presented  Brainstorm additional risks

7. Breakout session 2: Solutions & recommendations  To emphasise privacy (including data protection) + ethical considerations throughout all stages of the project → safeguards for privacy-by-design  developed guidelines to be embedded in the design process and development of tech. eco system  To the extent this does not hinder functionality  direct response to the risks raised and the severity and likelihood of impact  Strategies to eliminate, avoid, reduce or transfer the privacy risks:  technical solutions, operational and/or organisational controls and/or communication strategies (e.g., to raise awareness).  Primary aim is to ensure that the RAMSES technology respects the privacy and ethical values of citizens.  Solutions identified are not necessarily the only ones  Brainstorm additions solutions & recommendations

8. Breakout session 3: Use cases  Ransomware infection  Banking Trojan  Malware-as-a-Service  Keep in mind that throughout RAMSES will also aid with:  Facilitation of communication between LEAs  Sharing information about ongoing attacks (where LEAs choose to share it)  Identification of ongoing / past campaigns  Identification of clusters and central entities in spreading / selling / using malware

9. Thank you  Anna Donovan Trilateral Research Ltd anna.donovan@trilateralresearch.com  www.trilateralresearch.com  www.ramses2020.eu

Privacy & Ethical Impact Assessment Workshop_RAMSES Project

Recommended

Recommended

More Related Content

Similar to Privacy & Ethical Impact Assessment Workshop_RAMSES Project

Similar to Privacy & Ethical Impact Assessment Workshop_RAMSES Project (20)

More from Trilateral Research

More from Trilateral Research (20)

Recently uploaded

Recently uploaded (20)

Privacy & Ethical Impact Assessment Workshop_RAMSES Project