Chapter 3 - Privacy Risk and Impact Assessment
Uploaded by WonHaiku
Al-Balqa Applied University
Summary
This document provides an overview of risk management and impact assessments, focusing on principles and steps involved in a typical risk assessment process. It covers topics like identifying threats, assessing vulnerabilities, and analyzing risks to data subjects.
Introduction
Risk management is the on-going process of identifying, assessing, prioritizing, and addressing risks.
Risk management ensures that organizations have assessed and planned for the risks that are most likely to have an effect on their operations.
COE426: Lecture 3 1

Risk Terminology
Threat: something (generally bad) that might happen
- Natural disaster
- Cyber attack
Vulnerability: any exposure (or weakness) that could allow a threat to be realized
- Lack of power backups
- Misconfiguration or software bugs

Risk Terminology
Risk: the likelihood that a particular threat will be realized against a specific vulnerability
- Not all risks are inherently bad; some risks can lead to positive results
- The extent of damage (or even positive effect) from a threat determines the level of risk
Impact: the amount of harm a threat exploiting a vulnerability can cause
- If a virus infects a system, the virus could affect all the data on the system.

Risk Terminology
Risk = Threats × Vulnerabilities
- Multiplying the probability of a threat by the likelihood of a vulnerability yields the risk of that particular event
- Risks apply to specific assets or resources. Multiplying the risk probability by the value of the resource gives the expected loss from exposure to a specific risk

Risk Assessment
Process of assessing security-related risks:
- To an organization’s computers and networks
- From both internal and external threats
Identifies the investments that best protect from the most likely and serious threats
Focuses security efforts on the areas of highest payoff

Risk Assessment (cont’d.)
Eight-step risk assessment process
#1 Identify assets of most concern
#2 Identify loss events that could occur
#3 Assess likelihood of each potential threat
#4 Determine the impact of each threat
#5 Determine how each threat could be mitigated
#6 Assess feasibility of mitigation options
#7 Perform cost-benefit analysis
#8 Decide which countermeasures to implement

Risk Assessment (cont’d.) [figure]

Risk Methodology
A risk methodology is a description of how risk is managed. It should include:
- The approach to be used to carry out the steps of the risk methodology process
- The required information
- The techniques to address each risk

Risk Management
In ISO 27000: "Risk management is a systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analyzing, evaluating, treating, monitoring and reviewing risk"
Risk management steps:
1. Establishing the context
2. Risk identification
3. Risk analysis
4. Risk evaluation
   (steps 2-4 together form the risk assessment)
5. Risk treatment
6. Risk communication and consultation
7.
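The two formulas from the Risk Terminology slides (Risk = Threats × Vulnerabilities; expected loss = risk × asset value) and steps #3, #4, #7 and #8 of the eight-step process, carried through on a constructed register. This is an added example, not material from the lecture: the asset names, probabilities, asset values, countermeasure costs and the residual_factor used to model how much of the vulnerability a countermeasure removes are all illustrative assumptions.

```python
"""Quantitative risk scoring and countermeasure cost-benefit analysis.

Added example (not from the lecture slides). Implements the slide formulas
Risk = Threats x Vulnerabilities and expected loss = risk x asset value, then
applies steps #7/#8 of the eight-step process to a constructed register.
Every asset, probability, value and cost below is a constructed illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """One threat/vulnerability pair against one asset."""
    asset: str
    threat: str
    vulnerability: str
    asset_value: float          # value of the asset (constructed)
    threat_probability: float   # P(threat occurs) in the period, 0..1
    vuln_likelihood: float      # P(threat succeeds given the weakness), 0..1


@dataclass(frozen=True)
class Countermeasure:
    """A mitigation option for one exposure (steps #5/#6)."""
    exposure_id: int
    name: str
    annual_cost: float
    residual_factor: float      # fraction of the vulnerability left after the control (0 = removed)


def risk(exposure: Exposure) -> float:
    """Risk = threat probability x vulnerability likelihood (slide formula)."""
    for p in (exposure.threat_probability, exposure.vuln_likelihood):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    return exposure.threat_probability * exposure.vuln_likelihood


def expected_loss(exposure: Exposure) -> float:
    """Expected loss = risk x asset value (slide formula)."""
    return risk(exposure) * exposure.asset_value


def rank_by_expected_loss(register):
    """Steps #3/#4: order exposures so the highest expected loss comes first."""
    return sorted(register, key=expected_loss, reverse=True)


def cost_benefit(register, options):
    """Step #7: net benefit of each option = expected loss avoided - cost of the option."""
    results = []
    for opt in options:
        before = expected_loss(register[opt.exposure_id])
        after = before * opt.residual_factor
        results.append((opt.name, round(before - after - opt.annual_cost, 2)))
    return results


def select_countermeasures(register, options):
    """Step #8: implement every option whose net benefit is positive."""
    return [name for name, net in cost_benefit(register, options) if net > 0]


# Constructed register: three exposures of a PII store (illustrative numbers only).
REGISTER = [
    Exposure("customer PII database", "ransomware", "unpatched server",
             asset_value=500_000, threat_probability=0.30, vuln_likelihood=0.50),
    Exposure("customer PII database", "flood", "no off-site backup",
             asset_value=500_000, threat_probability=0.02, vuln_likelihood=0.90),
    Exposure("marketing laptop", "theft", "disk not encrypted",
             asset_value=50_000, threat_probability=0.10, vuln_likelihood=1.00),
]

# Constructed options; the fourth is deliberately too expensive for the loss it avoids.
OPTIONS = [
    Countermeasure(0, "patch management", annual_cost=20_000, residual_factor=0.2),
    Countermeasure(1, "off-site backups", annual_cost=5_000, residual_factor=0.1),
    Countermeasure(2, "full-disk encryption", annual_cost=1_000, residual_factor=0.0),
    Countermeasure(2, "armed courier for laptops", annual_cost=50_000, residual_factor=0.0),
]

if __name__ == "__main__":
    for exp in rank_by_expected_loss(REGISTER):
        print(f"{exp.asset:24} {exp.threat:12} risk={risk(exp):.3f} "
              f"expected loss={expected_loss(exp):,.0f}")
    print("net benefit per option:", cost_benefit(REGISTER, OPTIONS))
    print("implement:", select_countermeasures(REGISTER, OPTIONS))
```

The ranking step is what the slides mean by focusing effort on the areas of highest payoff: the flood scenario has a much lower risk probability than the laptop theft, yet its expected loss is higher because the asset is worth more, and the cost-benefit step then rejects a control whose cost exceeds the loss it avoids.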
Risk monitoring and review

Risk Management Process [figure]

1- Context Establishment
In information security, this involves defining the scope and boundaries, and establishing an appropriate organizational structure.
In data privacy, this can be:
- Defining the nature, scope, context, and purpose of processing data
- Organization objectives for protecting data privacy
- Naming stakeholders
- Defining roles and responsibilities
- Specifications of records
- Developing risk evaluation, impact, and acceptance criteria

2- Risk Identification
Objectives:
- Determine what could happen to cause a potential loss to assets
- Gain insights into how, where, and why the loss might happen
Risk identification sub-steps:
- Identification of assets: the only asset is PII (Personally Identifiable Information)
- Identification of threats:
  - Application level
  - Communication level
  - System level
  - Audit trails

2- Risk Identification
- Identification of existing controls:
  - Technical
  - Organization structures
  - Legal
- Identification of vulnerabilities:
  - Personnel
  - Hardware/Software
  - Policies/procedures
  - System configuration
  - Third parties
- Identification of consequences: damage to individuals’ rights and freedoms
  - Benign inconveniences
  - Moderate disruptions
  - Catastrophic events

3- Risk Analysis
Risks are associated with potential damage to tangible and intangible assets.
Risk analysis can be qualitative or quantitative.
Qualitative analysis uses a scale to describe probability and consequences.
Consequences -> insignificant, minor, medium, major, catastrophic
Probability -> rare, unlikely, probable, likely, certain
Quantitative analysis uses a numerical scale.

4- Risk Evaluation
The output from the risk analysis phase is used as input to risk evaluation.
The level of every risk needs to be compared against the risk evaluation criteria and the risk acceptance criteria.

Risk value | Evaluation criteria (action) | Acceptance criteria (action)
Low | Reduce risk considering the cost of prevention compared to a reduction in risk | Can be accepted without documented justification
Moderate | Action must be taken. Where the impact is major, urgent action must be taken. Treatment plans need to be investigated and implemented where required | Can be accepted provided that continual monitoring is in place
High | Urgent action must be taken | Can be accepted by senior management with adequate documented justification and where possible mitigation treatment plans are implemented immediately

5- Risk Treatment
The process of selecting and implementing measures to modify risk.
Options to treat risks (ISO 27005):
- Risk acceptance (retention)
- Risk mitigation (modification)
- Risk transfer (sharing)
- Risk avoidance
Mitigation controls:
- Anonymization and pseudonymization
- Encryption

Process Summary
- Establishing the context: understanding the organization (e.g., processing of personal data, roles, responsibilities), the technical environment and the factors influencing privacy risk management (e.g., legal, contractual, business, etc.)
- Risk assessment: identifying, analyzing and evaluating risks to data subjects
- Risk treatment: defining privacy safeguarding requirements, identifying and implementing privacy controls to avoid or reduce the risks to data subjects
- Communication and consultation: getting information from interested parties, obtaining consensus on each risk management process, and informing data subjects about risks and controls
- Monitoring and
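The qualitative analysis of the Risk Analysis slide and the evaluation/acceptance table of the Risk Evaluation slide, applied to a constructed privacy risk register. This is an added example, not material from the lecture: how the consequence and probability scales combine into a Low/Moderate/High risk value (ordinal product with fixed cut-offs) is an assumption of this example, since the slides give only the two scales and the resulting table; the register entries are constructed.

```python
"""Qualitative privacy risk analysis and evaluation.

Added example, not from the lecture slides. Uses the slide's two ordinal
scales (consequences: insignificant..catastrophic; probability: rare..certain),
combines them into a Low/Moderate/High risk value and applies the slide's
evaluation and acceptance criteria. The combination rule (score = consequence
rank x probability rank, with the cut-offs in risk_value) is this example's
assumption; the slides do not prescribe a matrix.
"""
from dataclasses import dataclass

CONSEQUENCES = ["insignificant", "minor", "medium", "major", "catastrophic"]
PROBABILITIES = ["rare", "unlikely", "probable", "likely", "certain"]

# Evaluation and acceptance criteria as given on the Risk Evaluation slide.
EVALUATION_CRITERIA = {
    "Low": "Reduce risk considering the cost of prevention compared to a reduction in risk",
    "Moderate": "Action must be taken. Treatment plans need to be investigated and implemented where required",
    "High": "Urgent action must be taken",
}
ACCEPTANCE_CRITERIA = {
    "Low": "Can be accepted without documented justification",
    "Moderate": "Can be accepted provided that continual monitoring is in place",
    "High": "Can be accepted by senior management with adequate documented justification; "
            "mitigation treatment plans are implemented immediately",
}


@dataclass(frozen=True)
class PrivacyRisk:
    """One identified risk to data subjects (output of risk identification)."""
    description: str
    threat_level: str     # "application", "communication" or "system" (slide categories)
    consequence: str      # one of CONSEQUENCES
    probability: str      # one of PROBABILITIES


def score(risk: PrivacyRisk) -> int:
    """Ordinal product of the two scale positions (1..5 each); an assumption of this example."""
    try:
        c = CONSEQUENCES.index(risk.consequence) + 1
        p = PROBABILITIES.index(risk.probability) + 1
    except ValueError as exc:
        raise ValueError(f"unknown scale value in {risk.description!r}") from exc
    return c * p


def risk_value(risk: PrivacyRisk) -> str:
    """Map the score to the three risk values of the evaluation table.
    The cut-offs (<=5 Low, <=12 Moderate, else High) are this example's assumption."""
    s = score(risk)
    if s <= 5:
        return "Low"
    if s <= 12:
        return "Moderate"
    return "High"


def evaluate(risk: PrivacyRisk) -> dict:
    """Risk evaluation: compare the analysed risk against both sets of criteria."""
    value = risk_value(risk)
    action = EVALUATION_CRITERIA[value]
    # Slide rule for Moderate risks: where the impact is major, urgent action must be taken.
    if value == "Moderate" and CONSEQUENCES.index(risk.consequence) >= CONSEQUENCES.index("major"):
        action = "Urgent action must be taken (moderate risk with major impact)"
    return {"risk": risk.description, "value": value,
            "evaluation": action, "acceptance": ACCEPTANCE_CRITERIA[value]}


def evaluate_register(register):
    """Evaluate every risk, highest risk value first."""
    order = {"High": 0, "Moderate": 1, "Low": 2}
    return sorted((evaluate(r) for r in register),
                  key=lambda e: (order[e["value"]], e["risk"]))


# Constructed register for a hypothetical app that stores PII (illustrative only).
REGISTER = [
    PrivacyRisk("health status disclosed to third parties via an unencrypted upload",
                "communication", consequence="catastrophic", probability="likely"),
    PrivacyRisk("audit trail reveals who looked up whom",
                "system", consequence="major", probability="unlikely"),
    PrivacyRisk("users receive a duplicate notification",
                "application", consequence="insignificant", probability="certain"),
]

if __name__ == "__main__":
    for entry in evaluate_register(REGISTER):
        print(f"[{entry['value']:8}] {entry['risk']}")
        print(f"  evaluation: {entry['evaluation']}")
        print(f"  acceptance: {entry['acceptance']}")
```

The second register entry is the case the slide singles out: its score lands in Moderate, but because the consequence is major the evaluation criterion escalates it to urgent action while the acceptance criterion still only requires continual monitoring, which is why the two columns of the table are kept separate.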
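Two of the mitigation controls the Risk Treatment slide names, pseudonymization and anonymization, applied to constructed records (encryption, the third control, is left out because the Python standard library has no authenticated cipher to show it with). This is an added example, not material from the lecture: the records, the HMAC key, the age band width, the postcode prefix length and the k threshold are all constructed assumptions.

```python
"""Pseudonymization and anonymization of PII records.

Added example, not from the lecture slides. Pseudonymization is a keyed
HMAC-SHA256 over the direct identifier, with the key stored apart from the
data so the mapping can be reversed only by whoever holds the key.
Anonymization is generalization of the quasi-identifiers (age to an age band,
postcode to its area prefix) plus a check that every generalized combination
is shared by at least k records. Records and key are constructed.
"""
import hashlib
import hmac
from collections import Counter

# Constructed records; in a real system these would be data-subject records.
RECORDS = [
    {"email": "alice@example.com", "age": 34, "postcode": "SW1A 1AA", "diagnosis": "flu"},
    {"email": "bob@example.com",   "age": 37, "postcode": "SW1A 2BB", "diagnosis": "cold"},
    {"email": "carol@example.com", "age": 52, "postcode": "EC1A 1BB", "diagnosis": "flu"},
    {"email": "dave@example.com",  "age": 58, "postcode": "EC1A 4CC", "diagnosis": "flu"},
]


def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace the direct identifier with a keyed pseudonym (HMAC-SHA256, hex-truncated)."""
    ident = record["email"].strip().lower().encode("utf-8")   # normalize before keying
    pseudonym = hmac.new(key, ident, hashlib.sha256).hexdigest()[:16]
    out = dict(record)
    del out["email"]
    out["subject_id"] = pseudonym
    return out


def generalize(record: dict, band: int = 10, prefix_len: int = 3) -> dict:
    """Coarsen the quasi-identifiers and drop the direct identifier entirely."""
    lo = (record["age"] // band) * band
    return {
        "age_band": f"{lo}-{lo + band - 1}",
        "area": record["postcode"].replace(" ", "")[:prefix_len].upper(),
        "diagnosis": record["diagnosis"],
    }


def k_anonymity_violations(generalized, k: int):
    """Quasi-identifier combinations shared by fewer than k records (empty list = k-anonymous)."""
    groups = Counter((g["age_band"], g["area"]) for g in generalized)
    return [combo for combo, n in groups.items() if n < k]


def anonymize(records, k: int = 2):
    """Generalize all records and refuse to release them unless they are k-anonymous."""
    generalized = [generalize(r) for r in records]
    bad = k_anonymity_violations(generalized, k)
    if bad:
        raise ValueError(f"generalization is not {k}-anonymous; small groups: {bad}")
    return generalized


if __name__ == "__main__":
    key = b"constructed-demo-key-store-it-apart-from-the-data"   # constructed
    for rec in RECORDS:
        print(pseudonymize(rec, key))
    for rec in anonymize(RECORDS, k=2):
        print(rec)
```

Pseudonymized records remain linkable to one another (the same subject always gets the same subject_id) and are reversible by the key holder, so they are still personal data and still need the other controls; the anonymized output is the one a risk treatment can release more freely, and the k check is what stops a release when a generalization leaves someone in a group of their own.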
review: following up risks and controls and improving the process

Impact Assessments
One deliverable of the privacy risk assessment process is a Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA):
an evaluation conducted to assess how the adoption of new information policies, the procurement of new computer systems, or the initiation of new data collection programs will affect individual privacy.

PIA and DPIA Fundamentals
The basic principles of PIA and DPIA are similar.
During each stage of a PIA or DPIA, define the following:
- The parties (data controllers, processors, and subjects)
- The data nature and scope
- The purposes of data processing
- The compliance requirements under GDPR and/or other legislation
PIA and DPIA are an iterative cycle of four sequential stages:
1. Defining the context of personal data processing
2. Establishing controls to ensure compliance with the fundamental principles
3. Assessing associated privacy risks
4. Validating the attained data protection level

Case Study: Tracing Applications
Several measures have been taken to limit the spread of COVID-19, including social distancing, mass testing, quarantine and lockdown, and contact tracing.
Contact tracing: proactively inform people who contacted an infected patient
- Often performed manually; it is labor intensive
- A recent study concluded that "viral spread is too fast to be contained by manual contact tracing, but could be controlled if this process was faster, more efficient and happened at scale"
Goal: a system for contact tracing that enables a scalable approach to monitor the spread of the disease and notify potentially infected people immediately
Answer the following questions:
- What are the core functionalities of contact tracing applications?
- What data need to be collected?
- Who are the stakeholders?
- What security/privacy risks can you identify in contact tracing apps?
- What controls need to be taken to mitigate such risks?