Chapter 3-Privacy Risk and Impact Assessment.pdf

Transcript

Introduction

 Risk management is the on-going process of identifying,
assessing, prioritizing, and addressing risks
 Risk management ensures that organizations have
assessed and planned for risks that are most likely to
have an effect on their operations

COE426: Lecture 3 1
Risk Terminology
 Threat: is something (generally bad)
that might happen
 Natural disaster
 Cyber attack
 Vulnerability: is any exposure (or
weaknesses) that could allow a
threat to be realized
 Lack of power backups
 Misconfiguration or software bugs

COE426: Lecture 3
 Risk Terminology
 Risk: is the likelihood that a particular threat will be realized against a specific
vulnerability
 Not all risks are inherently bad; some risks can lead to positive results
 The extent of damage (or even positive effect) from a threat determines the level of
risk
 Impact: refers to the amount of harm a threat exploiting a vulnerability can
cause
 if a virus infects a system, the virus could affect all the data on the system.

COE426: Lecture 3
Risk Terminology
Risk = Threats × Vulnerabilities
 Multiplying the probability of a threat and the likelihood of a
vulnerability yields the risk of that particular event
 Risks apply to specific assets or resources.
 Multiplying the risk probability by the value of the resource, the
result is the expected loss from exposure to a specific risk

COE426: Lecture 3
Risk Assessment

 Process of assessing security-related risks:
 To an organization’s computers and networks
 From both internal and external threats
 Identifies investments that best protect from most
likely and serious threats
 Focuses security efforts on areas of highest payoff
Risk Assessment (cont’d.)

 Eight-step risk assessment process
 #1 Identify assets of most concern
 #2 Identify loss events that could occur
 #3 Assess likelihood of each potential threat
 #4 Determine the impact of each threat
 #5 Determine how each threat could be mitigated
 #6 Assess feasibility of mitigation options
 #7 Perform cost-benefit analysis
 #8 Decide which countermeasures to implement
Risk Assessment (cont’d.)
Risk Assessment (cont’d.)
Risk Methodology

 A risk methodology is a description of how risk is
managed. It should include:
 Approach to be used to carry out the steps of the risk
methodology process
 Required information
 Techniques to address each risk

COE426: Lecture 3
Risk Management

 In ISO 27000: "Risk management is a systematic application of
management policies, procedures and practices to the activities of
communicating, consulting, establishing the context and
identifying, analyzing, evaluating, treating, monitoring and
reviewing risk"

 Risk management steps:
1. Establishing the context
2. Risk identification
3. Risk analysis Risk assessment
4. Risk evaluation
5. Risk treatment
6. Risk communication and consultation
7. Risk monitoring and review

COE426: Lecture 3 10
Risk Management Process

COE426: Lecture 3 11
1- Context Establishment

 In information security, this involves defining the scope
and boundaries, and establishing appropriate
organizational structure
 In data privacy, this can be
 Defining the nature, scope, context, and purpose of
processing data
 Organization objectives for protecting data privacy
 Naming stakeholders
 Defining roles and responsibilities
 Specifications of records
 Develop risk evaluation, impact, and acceptance criteria

COE426: Lecture 3 12
2- Risk Identification

 Objectives:
 Determine what could happen to cause a potential loss to
assets
 Gain insights into how, where, and why the loss might happen
 Risk identification sub-steps
 Identification of assets: the only asset is PIIs (Personal
Identifiable Information )
 Identification of threats:
 Application level
 Communication level
 System level
 Audit trails

COE426: Lecture 3 13
2- Risk Identification

 Identification of existing controls
 Technical
 Organization structures
 Legal
 Identification of vulnerabilities
 Personnel
 Hardware/Software
 Policies/procedures
 System configuration
 Third parties
 Identification of consequences: damage to individual's rights and freedom
 Benign inconveniences
 Moderate disruptions
 Catastrophic events

COE426: Lecture 3 14
3- Risk Analysis
 Risks are associated with potential damage to tangible and
intangible assets
 Risk analysis can qualitative or quantitative
 Qualitative analysis uses a scale to describe probability and
consequences.
 Consequences -> insignificant,
minor, medium, major, catastrophic
 Probability -> rare, unlikely,
probable, likely, certain
 Quantitative uses a numerical
scale

COE426: Lecture 3 15
4- Risk Evaluation

 The output from the risk analysis phase is used as input
to risk evaluation
 Level of all risks need to be compared against risk
evaluation criteria and risk acceptance criteria
Risk value Evaluation criteria action Risk value Acceptance criteria action

Low Reduce risk considering the cost of Low Can be accepted without documented
prevention compared to a reduction in justification
risk
Moderate Can be accepted provided that
Moderate Action must be taken. Where the impact continual monitoring is in place.
is major, urgent action must be taken Treatment plans need to be investigated
and implemented where required
High Urgent action must be taken
High Can be accepted by senior management
with adequate documented justification
and where possible mitigation
treatment plans are implemented
immediately

COE426: Lecture 3 16
5- Risk Treatment

 The process of selecting and implementing of measures
to modify risk
 Options to treat risks (ISO 27005)
 Risk acceptance (retention)
 Risk mitigation (modification)
 Risk transfer (sharing)
 Risk avoidance
 Mitigation controls
 Anonymization and pseudonymization
 Encryption

17
Process Summary

 Establishing the context: understanding the organization (e.g.,
processing of personal data, roles, responsibilities), the technical
environment and the factors influencing privacy risk management
(e.g., legal, contractual, business, etc)
 Risk assessment: identifying, analyzing the evaluating risks to data
subjects
 Risk treatment: defining privacy safeguarding requirements,
identifying and implementing privacy controls to avoid or reduce
the risks to data subjects
 Communication and consultation: getting information from
interested parties, obtaining consensus on each risk management
process, and informing data subjects about risks and controls
 Monitoring and review: following up risks and controls and
improving the process

COE426: Lecture 3 18
Impact Assessments
 One deliverable of the privacy risk assessment process is
Privacy Impact Assessment (PIA) or Data Protection
Impact Assessment (DPIA)
 An evaluation conducted to assess how the adoption of
new information policies, the procurement of new
computer systems, or the initiation of new data
collection programs will affect individual privacy

19
PIA and DPIA Fundamentals

 The basic principles of PIA and DPIA are similar
 During each stage of a PIA or DPIA, define the following
 The parties (data controllers, processors, and subjects)
 The data nature and scope
 The purposes of data processing
 The compliance requirements under GDPR and/or other
legislation
 PIA and DPIA are iterative cycle of four sequential stages:
 Defining the context of personal data processing
 Establishing controls to ensure compliance with the
fundamental principles
 Assessing associated privacy risks
 Validating the attained data protection level

20
Case Study: Tracing
Applications
 Several measures have been to limit the spread of COVID-19, including
 social distancing, mass testing, quarantine and lockdown, and contact tracing
 Proactively inform people who contacted an infected patient
 Often performed manually; it is labor intensive
 A recent study concluded that "viral spread is too fast to be contained
by manual contact tracing, but could be controlled if this process was
faster, more efficient and happened at scale"
 Goal: a system for contact tracing that enables a scalable approach to
monitor the spread of the disease and notify potentially infected people
immediately
 Answer the following questions:
 What are core functionalities of contact tracing applications?
 What data need be collected? Who are the stakeholders?
 What security/privacy risks can you identify in contact tracing apps?
 What controls need to be taken to mitigate such risks?

COE426: Lecture 3 21