[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FYI - Cyber enabled Privacy by Design - harmonize privacy efforts
Dr Ann, Naomi, Privacy champions, FYI - an update of our privacy efforts is offered to share our Cyber enabled PbD approach, to better harmonize with your efforts, as the privacy end-state requires all aspects and views synced up. We're publishing our "A Cyber model for Privacy by Design" approach in a major IEEE magazine (Consumer Electronics - CE) in JAN... below email refers... It is basically a shortened version of the paper we've socialized before.. enclosed link below. We've also shortened our cyber / privacy message into one that simply states and defines "Privacy PAYS" (enclosed PDF), which is distillation and refocused privacy protection view of our longer "Cyber 4 PbD" brief (link also below) And we started a PdD / DCS meetup group dedicated to improving privacy now, build it and security in. REQUEST - Be glad to share / integrate our efforts in the existing NIST privacy engineering and OASIS PHD-SE efforts ongoing, as collectively there is a stronger way forward between all our efforts...I sense a clearer end-state too.. imho.. As we all know, the typical capability flow down should start with policy, then operational requirements are developed, from which technical requirements are distilled / interpreted, and then specifications are designed to build it. This is true with privacy protection of course, yet we know that there is no common, enterprise privacy policy; thus requirements are high-level and widely vary (and much stricter outside the USA); hence no clear 'buildable' specs are available to develop common, modular, open architecture based PETs (privacy enhancing technologies) Our thesis is that by taking a data centric security (DCS) approach to PbD principles, within a data centric architecture (which simples the problem space) and aligning DCS with cloud / PaaS and overall services models & views, we can then propose a limited set (to start) of services-based privacy specifications for an initial open privacy framework (OPF). This then allows folks to develop to that framework now, while being 'relatively agnostic' to much of the privacy requirements churn. Additionally, those working privacy requirements can then map their needs to those initial specifications and see if any need adjusting or new ones added...so we iterate our way to a more useable, ubiquitous OPF (e.g., using rapid prototyping methods applied therein). Thus we collectively establish and improve our privacy way forward with useable, buildable specifications, while in parallel we align to the various requirements from many sources (this works well in lieu of no common privacy policy will likely happen and the many requirements complexity and alignment needs). Of note, our "C4P" partners do have capabilities to make this OPF happen now, and we're not selling them, just using them as one example of what can be done now. Other products that meet the specs can plug and play too - that is the point. Ciao Mike Cyber security is serious business for us all - so ACT accordingly! http://www.linkedin.com/in/mikedavissd "Cyber enabled / Facilitated Privacy by Design (PbD) ("C4P")" overall paper, including an open privacy framework (OPF) within an enterprise architecture - with proposed specifications too - is at this link (this is our first rough draft here - we submitted a shortened / smoothed version to the IEEE CE magazine): http://www.sciap.org/blog1/wp-content/uploads/Cyber-for-Privacy-by-Design.pd f What we're proposing is a specifications based enterprise privacy protection approach that should apply to most organizations, commercial and government, and eventually most environments too... be that IoT, mobile, ICS, PII, HIPAA, PCI, etc, Where our C4P = using data centric security methods on top of the typical IA/CND/Security suite) - overview brief is here... http://www.sciap.org/blog1/wp-content/uploads/Privacy-by-Design-cyber-securi ty.pdf From: "Craig Causer" <@ieee.org <mailto:c.causer@ieee.org> > Date: Dec 2, 2014 4:29 AM Subject: Re: + Your IEEE CE Proof is ready for your review (MCE2361192) To: "Mike Davis" Cc: "Peter Corcoran" <@ieee.org <mailto:c.causer@ieee.org> > Mike, Here is the final version.. Thanks again. Craig
<<attachment: winmail.dat>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]