Subject: RE: [pbd-se] Privacy Engineering & Assurance - Technical Sub-WG?
Thanks. This complements Jose's paper / efforts as well as Ian's efforts, captured fairly well by Joe below. Including the "Cyber enabled / facilitated Privacy by Design" approach / effort my SD IEEE / ISC2 groups is developing... below are links to that brief / paper. Seems we would most all agree that we need some level of technical sub-WG for PBD-SE?

CIAO

-----Original Message-----
From: pbd-se@lists.oasis-open.org [mailto:pbd-se@lists.oasis-open.org] On Behalf Of frank.dawson@nokia.com
Sent: Monday, September 8, 2014 4:58 PM
To: pbd-se@lists.oasis-open.org
Cc: frank.dawson@nokia.com
Subject: [pbd-se] Privacy Engineering & Assurance

https://www.oasis-open.org/committees/document.php?document_id=54054&wg_abbrev=pbd-se

Please find above URL to input contribution from Nokia on "Privacy Engineering & Assurance - The Emerging Engineering Discipline for implementing Privacy by Design" for consideration by OASIS PbD-SE TC. This might serve as a basis for a white paper from the group on what we have in mind for the Privacy Engineering discipline.

From: José M. del Álamo [mailto:jm.delalamo@upm.es]
Sent: Monday, September 8, 2014 5:58 AM
To: Mike Davis
Cc: Oliver, Ian
Subject: Re: [pbd-se] A Cyber model enabling / Facilitating Privacy by Design (PbD)

Hi Mike,

thanks for the welcome and the references. I went through your initial description and the detailed technical paper, and I agree we are both focusing somehow on the same problem: you providing a global framework for that and UPM focusing on specificities for requirements operationalization (what you named in your technical paper as "...a community approved requirements set..."). I am also aware of Ian's work on privacy engineering and the use of data flows and ontologies to guide the process, but I am still trying to put all the pieces together and get the global picture. Hope we can shed some light on this in the PbD SE discussions.

Regards,
Jose

2014-09-07 18:32 GMT+02:00 Mike Davis <mike.davis.sd@gmail.com>:

Hi Jose,

Welcome to the group... I skimmed your paper... great stuff!! Maybe you can skim the one we did on the subject line... (see Cyber 4 PbD verbiage / links below). First the overview brief, then the paper... (which we used to put in several DHS proposals on the topic as well). Then maybe you, Ian and I can harmonize...

CIAO
Mike

From: pbd-se@lists.oasis-open.org [mailto:pbd-se@lists.oasis-open.org] On Behalf Of José M. del Álamo
Sent: Friday, September 5, 2014 5:44 AM
To: pbd-se@lists.oasis-open.org
Subject: [pbd-se] Brief introduction

Hi folks!

I've just joined the PbD-SE group and would like to introduce myself. I'm Associate Professor at Universidad Politecnica de Madrid (UPM), involved in several research projects regarding privacy engineering. Here at UPM we are currently focusing on privacy requirements operationalization, and the use of heuristics to move from principles to design requirements (you can find in [1] a light paper briefly describing our position on this matter). The results are being applied to different projects, e.g. PRIPARE, which recently joined PbD-SE on its own. Although I'm still trying to catch up on the group status and advances, I can see that our work is somehow aligned with the PbD-SE methodology and the idea of de-composing principles into lower level sub-principles. Thus, we are excited about joining your discussion on these issues and, if considered valuable, contributing with inputs and comments. I am looking forward to joining the next call.

Best regards,
--
José M. del Álamo

http://web.dit.upm.es/~jmdela/ESPRE2014.pdf

-=-=-=-

Our topic / effort is all about "A Cyber model enabling / Facilitating Privacy by Design (PbD)" (= "C4P") ... and why you should play... SO...

We all know the question everyone needs to address - where does privacy sit in your organization today? So how do we address all the various elements therein?

Chances are if you don't have a chief privacy officer or data protection officer, your company is lacking in protecting critical data, let alone all the laws and statutory regulations dealing with privacy (e.g., be they PII, HIPAA, CPI, audit / compliance, etc.). In addition, the privacy definitions and policy themselves are quite varied, complex and change depending on where your data resides - city, state, country (for example, the EU's data protection directorate is much stricter than weak (to non-existent) USA laws (where you should know about "safe harbor" if you have a global product)).

So how does one start to protect both the organizational and individual's critical data and the related privacy aspects with all the many key variables themselves in flux and likely to take many more years to sort out... if ever globally? Implement a cyber model that enables the Privacy by Design (PbD) initiative, building in protections using a data centric security (DCS) approach that is relatively agnostic to the digital environment. Thus inherently address the key data and privacy protection aspects from the start, making the actual IT / data space relatively agnostic to the privacy definitions and requirements churn mentioned earlier.

As for selling better security to the public, a "privacy message" resonates with users better, tends to be an emotional issue and is mandated by laws; THUS it "sells cyber" better than security scare tactics... Our C4P construct enables PbD for most environments (yes, IoT needs privacy protection as well).

Our Cyber 4 PbD overview is at this link (= using data centric security methods on top of the typical IA/CND/Security suite) - We suggest to get acclimated to PbD and cyber, just SKIM for effect at first...
http://www.sciap.org/blog1/wp-content/uploads/Privacy-by-Design-cyber-security.pdf

Our much more detailed technical paper on our "C4P" approach, including an executable, proposed open privacy framework within an enterprise architecture is here (a rough draft still being finessed):
http://www.sciap.org/blog1/wp-content/uploads/Cyber-security-enable-privacy-design.pdf