DOCSLIB.ORG

Updated Privacy and Security-By-Design Methodology

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Updated Privacy and Security-By-Design Methodology Privacy- and Security-by-Design Methodology Handbook Version: V1.00 Date: 31 December 2015 Author/s: Alberto Crespo García (ATOS) Nicolás Notario McDonnell (ATOS) Carmela Troncoso (Gradiant) This project has received Daniel Le Métayer (Inria) funding from the European Inga Kroener (Trilateral) Union’s Seventh Framework David Wright (Trilateral) Programme for research, José María del Álamo (UPM) technological development Yod Samuel Martín (UPM) and demonstration under grant agreement no ICT- 610613 PRIPARE Privacy- and Security-by-Design Methodology Handbook V1.00 Table of Contents LIST OF FIGURES ..................................................................................................4 LIST OF TABLES ....................................................................................................5 ABBREVIATIONS AND DEFINITIONS .....................................................................6 FOREWORD .........................................................................................................9 1 INTRODUCTION .......................................................................................... 10 2 REFERENCE MODEL ..................................................................................... 12 3 PHASES ....................................................................................................... 14 4 ROLES ......................................................................................................... 16 5 EXAMPLE DESCRIPTION .............................................................................. 18 6 PROCESSES ................................................................................................. 20 6.1 ENVIRONMENT & INFRASTRUCTURE ............................................................................. 20 6.1.1 Organizational Privacy Architecture ............................................................. 20 6.1.2 Promote privacy awareness ......................................................................... 22 6.2 ANALYSIS .............................................................................................................. 24 6.2.1 Functional Description and High-Level Privacy Analysis .............................. 26 6.2.2 Legal assessment .......................................................................................... 29 6.2.3 Privacy and security plan preparation .......................................................... 32 6.2.4 Detailed privacy analysis .............................................................................. 33 6.2.5 Operationalization of Privacy Principles ....................................................... 38 6.2.6 Risk management ......................................................................................... 44 6.3 DESIGN ................................................................................................................. 49 6.3.1 Privacy enhancing architecture design ......................................................... 50 6.3.2 Privacy-Enhancing Detailed Design .............................................................. 58 6.4 IMPLEMENTATION ................................................................................................... 63 6.4.1 Privacy implementation................................................................................ 63 6.5 VERIFICATION ......................................................................................................... 66 6.5.1 Accountability ............................................................................................... 66 6.5.2 Security & Privacy static analysis (a priori verification) ............................... 67 6.5.3 Security & Privacy dynamic analysis ............................................................. 69 6.6 RELEASE ................................................................................................................ 71 6.6.1 Create Incident Response Plan ..................................................................... 71 6.6.2 Create system decommissioning plan .......................................................... 73 6.6.3 Final Security & Privacy review .................................................................... 75 6.6.4 Publish PIA report ......................................................................................... 77 6.7 MAINTENANCE ....................................................................................................... 79 6.7.1 Execute incident response plan .................................................................... 79 6.7.2 Security & Privacy verifications .................................................................... 81 31/12/2015 2 PRIPARE Privacy- and Security-by-Design Methodology Handbook V1.00 6.8 DECOMMISSIONING ................................................................................................. 83 6.8.1 Execute decommissioning plan .................................................................... 83 7 METHODOLOGY APPLICATION GUIDELINES ................................................ 85 7.1 ITINERARIES ........................................................................................................... 85 7.1.1 Mandatory .................................................................................................... 87 7.1.2 Lightweight ................................................................................................... 87 7.1.3 Standard ....................................................................................................... 89 7.2 MERGING WITH EXISTING METHODOLOGIES .................................................................... 90 7.2.1 Integrating ISO 9241-210 User-Centered Design Process ............................ 90 7.2.2 Software and system engineering methodologies ....................................... 94 7.2.3 Project management methodologies ......................................................... 107 ANNEX A: PSMA TEMPLATE ............................................................................ 113 A.1 PURPOSE ............................................................................................................... 113 A.2 PRIVACY & SECURITY TEAM ......................................................................................... 113 A.3 INTRODUCTION AND OBJECTIVE .................................................................................... 113 A.4 ITINERARY AND ROADMAP .......................................................................................... 113 A.5 DEFINITIONS ........................................................................................................... 113 A.6 FUNCTIONAL DESCRIPTION .......................................................................................... 113 A.6.1 Privacy stakeholders / actors .......................................................................... 113 A.6.2 Domains and roles ........................................................................................... 113 A.6.3 Relevant business processes, products, systems and applications within systems 114 A.6.4 Data subject(s) associated ............................................................................... 114 A.6.5 Data flows and touch points............................................................................ 114 A.7 IMPACT ASSESSMENT ................................................................................................. 115 A.7.1 Policies and regulation .................................................................................... 115 A.7.2 Privacy principles / targets .............................................................................. 115 A.7.3 Risk assessment ............................................................................................... 116 A.7.4 Feared events .................................................................................................. 116 A.7.5 Threats ............................................................................................................. 117 A.7.6 Initial Impact Assessment ................................................................................ 118 A.8 CONFORMANCE CRITERIA ........................................................................................... 118 A.9 DESIGN LOGBOOK .................................................................................................... 118 A.10 PRIVACY CONTROLS ................................................................................................. 118 A.11 REMAINING THREATS AND RECOMMENDATIONS ............................................................. 118 A.12 ACCOUNTABILITY .................................................................................................... 119 A.13 INCIDENT RESPONSE PLAN ......................................................................................... 119 A.14 SYSTEM DECOMMISSIONING PLAN .............................................................................. 119 A.15 FINAL PIA REPORT .................................................................................................. 119 ANNEX B LIST OF PRIVACY PRINCIPLES, GUIDELINES, AND CRITERIA FOR REQUIREMENTS OPERATIONALIZATION .......................................................... 120 31/12/2015 3 PRIPARE Privacy- and Security-by-Design Methodology Handbook V1.00 List of Figures Figure 1: PRIPARE’s methodology reference model 12 Figure 2: PRIPARE methodology phases 15
Load more

Recommended publications
  • NOTHING to HIDE: Tools for Talking (And Listening) About Data Privacy for Integrated Data Systems
    NOTHING TO HIDE: Tools for Talking (and Listening) About Data Privacy for Integrated Data Systems OCTOBER 2018 Acknowledgements: We extend our thanks to the AISP Network and Learning Community, whose members provided their support and input throughout the development of this toolkit. Special thanks to Whitney Leboeuf, Sue Gallagher, and Tiffany Davenport for sharing their experiences and insights about IDS privacy and engagement, and to FPF Policy Analyst Amy Oliver and FPF Policy Intern Robert Martin for their contributions to this report. We would also like to thank our partners at Third Sector Capital Partners and the Annie E. Casey Foundation for their support. This material is based upon work supported by the Corporation for National and Community Service (CNCS). Opinions or points of view expressed in this document are those of the authors and do not necessarily reflect the official position of, or a position that is endorsed by, CNCS or the Social Innovation Fund. TABLE OF CONTENTS Introduction ............................................................................................................................................................................................................................. 2 Why engage and communicate about privacy? ................................................................................................................................................. 2 Using this toolkit to establish social license to integrate data .....................................................................................................................
    [Show full text]
  • National Privacy Research Strategy
    NATIONAL PRIVACY RESEARCH STRATEGY National Science and Technology Council Networking and Information Technology Research and Development Program June 2016 National Privacy Research Strategy About the National Science and Technology Council The National Science and Technology Council (NSTC) is the principal means by which the Executive Branch coordinates science and technology policy across the diverse entities that make up the Federal research and development (R&D) enterprise. One of the NSTC’s primary objectives is establishing clear national goals for Federal science and technology investments. The NSTC prepares R&D packages aimed at accomplishing multiple national goals. The NSTC’s work is organized under five committees: Environment, Natural Resources, and Sustainability; Homeland and National Security; Science, Technology, Engineering, and Mathematics (STEM) Education; Science; and Technology. Each of these committees oversees subcommittees and working groups that are focused on different aspects of science and technology. More information is available at www.whitehouse.gov/ostp/nstc. About the Office of Science and Technology Policy The Office of Science and Technology Policy (OSTP) was established by the National Science and Technology Policy, Organization, and Priorities Act of 1976. OSTP’s responsibilities include advising the President in policy formulation and budget development on questions in which science and technology are important elements; articulating the President’s science and technology policy and programs; and fostering strong partnerships among Federal, state, and local governments, and the scientific communities in industry and academia. The Director of OSTP also serves as Assistant to the President for Science and Technology and manages the NSTC. More information is available at www.whitehouse.gov/ostp.
    [Show full text]
  • Designing Privacy for You a Practical Approach for User-Centric Privacy
    Designing Privacy for You A Practical Approach for User-Centric Privacy Awanthika Senarath1, Nalin A.G. Arachchilage2, and Jill Slay3 1 Australian Centre for Cyber Security University of New South Wales - Canberra Australian Defence force Academy, Australia Email: [email protected] 2 Email: [email protected] 3 Email: [email protected] Abstract. Privacy directly concerns the user as the data owner (data- subject) and hence privacy in systems should be implemented in a man- ner which concerns the user (user-centered). There are many concepts and guidelines that support development of privacy and embedding pri- vacy into systems. However, none of them approaches privacy in a user- centered manner. Through this research we propose a framework that would enable developers and designers to grasp privacy in a user-centered manner and implement it along with the software development life cycle. 1 Introduction Donald Trump’s presidential campaign was seriously damaged, when a personal conversation he had with a friend ten years ago (in 2005) was recorded and re- leased to the public during his run in the elections in 2016 in the USA. The recording had been done without the knowledge of the two people engaged in the conversation and was released at a very critical moment in the presidential campaign [1]. This is not much different to the situation users face on a daily basis when using on-line applications to network, communicate, shopping and banking on-line, and for many other personal tasks [9]. Due to the pervasiveness of Information and Communication Technology on-line applications have be- come an integral part of users [7].
    [Show full text]
  • The Internet of Audio Things: State-Of-The-Art, Vision, and Challenges Carlo Fischione, Luca Turchet, György Fazekas, Mathieu Lagrange, Hossein Ghadikolaei
    The Internet of Audio Things: state-of-the-art, vision, and challenges Carlo Fischione, Luca Turchet, György Fazekas, Mathieu Lagrange, Hossein Ghadikolaei To cite this version: Carlo Fischione, Luca Turchet, György Fazekas, Mathieu Lagrange, Hossein Ghadikolaei. The Internet of Audio Things: state-of-the-art, vision, and challenges. IEEE internet of things journal, IEEE, 2020, 7 (10), pp.10233-10249. 10.1109/JIOT.2020.2997047. hal-02930053v2 HAL Id: hal-02930053 https://hal.archives-ouvertes.fr/hal-02930053v2 Submitted on 8 Jan 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. IEEE INTERNET OF THINGS JOURNAL, VOL. XX, NO. X, NOVEMBER 2020 1 The Internet of Audio Things: state-of-the-art, vision, and challenges Luca Turchet, Gyorgy¨ Fazekas, Mathieu Lagrange, Hossein S. Ghadikolaei, and Carlo Fischione, Senior Member, IEEE, Abstract—The Internet of Audio Things (IoAuT) is an emerg- the emerging field of the Internet of Musical Things (IoMusT) ing research field positioned at the intersection of the Internet [7], where a number of devices for music production and of Things, sound and music computing, artificial intelligence, consumption are connected within ecosystems that multiply and human-computer interaction.
    [Show full text]
  • Contribution to Study Period on Privacy Engineering Framework
    PReparing Industry to Privacy-by-design by supporting its Application in REsearch Contribution to Study Period on Privacy Engineering Framework Project: PRIPARE Project Number: ICT -6106 Title: Contribution to Study Period on Privacy Engineering Framework Version: v1.0 Part of the Seventh Date: 06/08/2015 Framework Programme Confidentiality: Public Funded by the EC - DG CNECT Author/s: Antonio Kung, Christophe Jouvray (Trialog), Nicolas Notario, Alberto Crespo (Atos), Samuel Martin, José del Álamo (UPM), Carmela Troncoso (Gradiant). PRIPARE Contribution to Study Period on Privacy Engineering Framework v1.0 Table of Contents SUMMARY ..........................................................................................................4 LIST OF FIGURES ..................................................................................................5 ABBREVIATIONS AND DEFINITIONS .....................................................................5 1 INTRODUCTION ............................................................................................6 2 PRIVACY FRAMEWORK VERSUS PRIVACY ENGINEERING FRAMEWORK .........7 2.1 ABOUT FRAMEWORKS ................................................................................................ 7 2.2 POSITIONING PRIVACY ENGINEERING IN ORGANISATIONS..................................................... 7 2.3 WHY A PRIVACY ENGINEERING FRAMEWORK? ................................................................ 10 2.3.1 Need for Convergence of Terms..................................................................
    [Show full text]
  • Opening & Welcoming Remarks
    Tuesday, April 10 – Wednesday, April 11, 2018, Washington, DC Opening & Welcoming Remarks Speaker 1 Joe Bhatia, President and CEO, ANSI Welcoming Remarks from ANSI Joe Bhatia has been president and CEO of the American National Standards Institute (ANSI) since January 2006. He previously served as executive vice president and COO of the international group at Underwriters Laboratories (UL). Mr. Bhatia serves as vice chairman of the Industry Trade Advisory Committee on Standards and Technical Trade Barriers (ITAC 16), a joint program of the U.S. Department of Commerce and U.S. Trade Representative. He is a member of the International Organization for Standardization (ISO) Council and its Council Standing Committee on Finance, and holds a seat on the Oakton Community College Education Foundation Board. In 2017 he concluded his term as president of the Pan American Standards Commission (COPANT), where he also served as vice president for four years. Speaker 2 Christoph Winterhalter, Chairman of the Executive Board of DIN Welcoming Remarks from DIN After studying computer science at the University of Karlsruhe Winterhalter started his career at ABB. After assignments in Norway, USA and Germany he took over the business units robot automation and robotics products. In 2010 he became director of the German Research Center of ABB until he was promoted global Product Group manager heading ABB’s global Machinery Controls and Automation business and later Hub Business Manager Control Technologies. Since July 2016 he is Chairman of the Executive Board of DIN. Speaker 3 Thomas Sentko, Standards Manager, International of DKE Welcoming remarks from DKE 2 Thomas studied electrical engineering/telecommunications at the University of Applied Sciences Darmstadt and graduated with the degree Dipl.Ing.
    [Show full text]
  • Privacy Engineering for Social Networks
    UCAM-CL-TR-825 Technical Report ISSN 1476-2986 Number 825 Computer Laboratory Privacy engineering for social networks Jonathan Anderson December 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Jonathan Anderson This technical report is based on a dissertation submitted July 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Privacy engineering for social networks Jonathan Anderson In this dissertation, I enumerate several privacy problems in online social net- works (OSNs) and describe a system called Footlights that addresses them. Foot- lights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today’s centralised OSNs, but it does not trust centralised infrastructure to en- force security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users’ interactions with OSNs, providing real control over online sharing. I also demonstrate that today’s OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights’ storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year.
    [Show full text]
  • Roundtable-1-Presentation-March-20-2018.Pdf
    welcome! Thanks for coming! We will give tonight’s presentation and invite questions twice (6 pm and 7:30 pm). Please be sure to also join a small group roundtable discussion at the other end of the hall. hello! Hi, I’m Meg Davis, + I’m Rit Aggarwala 3 Thank you! For joining us to roll up your sleeves and tackle some tough questions with us 4 Town Hall What we heard you care about Well-being and community health People-centred planning Public transit and personal mobility Sustainable, resilient, climate-positive development Diversity and inclusion Housing quality and affordability Data-informed decision-making Privacy and data governance Green space, recreation and leisure Engaged communities Entrepreneurship and innovation 5 5 Since Last Time Built and organized our joint Sidewalk Toronto team and opened a TO office Developed a robust public engagement plan with firm dates Forming 6 advisory groups (80+ local leaders) to guide us in our work Met with key stakeholders, including representatives of all levels of government Exploring a series of pilots and prototypes to launch in Toronto Focused our core research questions to develop work plans and hypotheses 6 Tonight Describe what this project is all about Explain what we’re working on and where we need your input Open the floor to your questions and address some of your concerns Discuss key questions in a roundtable conversation 7 7 Who We Are Transforming the waterfront for the use and enjoyment of the people and visitors of Toronto, Ontario and Canada, to foster economic growth and to redefine how the city, province and country are perceived by the world — a project of national significance.
    [Show full text]
  • Predictability for Privacy in Data Driven Government
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Minnesota Law School Minnesota Journal of Law, Science & Technology Volume 20 Issue 1 Article 3 1-6-2019 Predictability for Privacy in Data Driven Government Jordan Blanke Mercer University Janine Hiller Virginia Tech Follow this and additional works at: https://scholarship.law.umn.edu/mjlst Part of the Administrative Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation Jordan Blanke & Janine Hiller, Predictability for Privacy in Data Driven Government, 20 MINN. J.L. SCI. & TECH. 32 (2018). Available at: https://scholarship.law.umn.edu/mjlst/vol20/iss1/3 The Minnesota Journal of Law, Science & Technology is published by the University of Minnesota Libraries Publishing. Predictability for Privacy in Data Driven Government Jordan M. Blanke* and Janine S. Hiller† Abstract The Deferred Action for Childhood Arrivals program (DACA) required individuals to provide a great deal of personal information in order to participate and remain in the United States legally; could information in the same system now be used for deportations? More broadly, how should systems of data that are created legitimately by United States agencies and compiled for one reason, be used for other reasons? The increasing emphasis on “smart cities” that use data to efficiently provide and plan for service delivery will require the integration of data from multiple government and non- government sources, in ways that citizens may not expect. There are increasing calls for the federal government to open up and share the data collected for one reason for use in additional, unrelated ways, and to combine that data with data collected by commercial, private entities.
    [Show full text]
  • Curriculum Vitae
    Daniel Smullen Curriculum Vitae “Don’t have good ideas if you aren’t willing to be responsible for them.” —Alan Perlis About Me I solve socio-technical problems using interdisciplinary research methods. I want to help the world to develop more usable, secure, privacy-preserving, trustworthy software. Education 2021 Doctor of Philosophy (Software Engineering), Carnegie Mellon University School of Computer Science, Pittsburgh. Institute for Software Research, Committee: Norman Sadeh (Chair), Lorrie Faith Cranor, Alessandro Acquisti, Rebecca Weiss (External, Mozilla), Yaxing Yao (External, UMBC) + My research is focused on Usable Privacy and Security, incorporating qualitative and quantitative (mixed-methods) methodologies seen in behavioral economics, user-centered design, requirements engineering, machine learning, and empirical software engineering. + My thesis investigates a broad cross section of privacy and security decisions in browsers and mobile apps; systematically assessing their effectiveness and manageability, exploring standardization, discussing public policy issues, and generalizability to other domains (e.g., Internet of Things). + My work demonstrates that when the settings are well-aligned with people’s mental models, machine learning can leverage the predictive power in models of more complex settings to help people manage their preferences more easily – this can effectively mitigate trade-offs between accuracy and increased user burden as settings proliferate. 2018 Master of Science (Software Engineering), Carnegie Mellon University, Pittsburgh, Institute for Software Research. 2014 Bachelor of Engineering (Honours, Software Engineering), Ontario Tech, Formerly: University of Ontario Institute of Technology, Oshawa, With Distinction. Academic Work Experience 2014 – Present PhD Candidate, Carnegie Mellon University, Pittsburgh, Institute for Software Research. 2017 – 2021 Research Advisor, Carnegie Mellon University, Pittsburgh, Institute for Software Research.
    [Show full text]
  • Testing Our Trust: Consumers and the Internet of Things (2017 Review)
    Testing our trust: consumers and the Internet of Things 2017 review Contents 1. Connected by default: why the internet of things is important for consumers 1 2. Review of the consumer internet of things market 3 Steady growth 3 New opportunities 6 3. Consumer attitudes to the Internet of Things 7 Privacy and security remain big concerns for consumers 7 Safety fears 7 Low trust in technology 8 4. Challenges that persist for consumers in the Internet of Things 8 Consumers are not informed 8 Security vulnerabilities cause global internet disruption 9 Privacy violations 10 Remote enforcement of contract terms 10 Buying a brick 11 Companies not equipped for proper aftercare 11 5. Responses to consumer challenges and concerns 12 National governments and inter-governmental bodies 12 Industry, civil society and coalition responses 16 6. Conclusions and next steps 18 Demand side power? 18 The role of the consumer movement 19 2 2017 review: testing our trust Coming together for change 1. Connected by default: With 5G predicted to arrive in some countries early next year2, we can expect faster speeds, improved response why the Internet of time, and the bandwidth needed for billions of Internet of Things devices to communicate with each other. 5G Things is important could also mean a reduction in energy usage. These improvements are predicted to not only improve user for consumers experience but also pave the way for further innovations. Consumer applications in the Internet of Things The way that we currently experience the internet can bring many benefits to people around the world involves, to some extent, a choice about how and when to including: more responsive services; shorter feedback engage.
    [Show full text]
  • Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems
    Draft NIST Special Publication 800-160 VOLUME 2 Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems RON ROSS RICHARD GRAUBART DEBORAH BODEAU ROSALIE MCQUAID This document is a supporting publication to the NIST systems security engineering guidance provided in Special Publication 800-160, Volume 1. The content was specifically designed to PRE-RELEASE DRAFT be used with and to complement the flagship systems security NOT FOR DISTRIBUTION engineering publication to support organizations that require cyber resiliency as a property or characteristic of their systems. The goals, objectives, techniques, implementation approaches, and design principles that are described in this publication are an integral part of a cyber resiliency engineering framework and are applied in a life cycle-based systems engineering process. Draft NIST Special Publication 800-160 VOLUME 2 Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems RON ROSS Computer Security Division National Institute of Standards and Technology RICHARD GRAUBART DEBORAH BODEAU ROSALIE MCQUAID Cyber Resiliency and Innovative Mission Engineering Department The MITRE Corporation March 2018 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology DRAFT NIST SP 800-160, VOLUME 2 SYSTEMS SECURITY ENGINEERING CYBER RESILIENCY CONSIDERATIONS FOR THE ENGINEERING OF TRUSTWORTHY SECURE SYSTEMS ________________________________________________________________________________________________________________________________________________ Authority This publication has been developed by the National Institute of Standards and Technology to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283.
    [Show full text]