I: Privacy Risk Models and Frameworks Flashcards
Nissenbaum’s contextual integrity
Personal information must flow in line with the norms (usually domain-specific) of the context in which it was originally shared; for example, information disclosed to a physician carries medical-context norms even if it later reaches a marketer.
Privacy risk arises when those context-relative norms are violated.
Calo’s harm dimensions
Distinguishes two dimensions of privacy harm: objective and subjective.
Objective Harm
Measurable, observable harm that occurs once privacy has actually been violated (e.g., the information is used against the person). Analogous to "battery": the harm has been inflicted.
Subjective Harm
The expectation or perception of harm, such as the anxiety caused by believing one is being watched, whether or not any observable harm follows. Analogous to "assault": the apprehension of harm rather than the harm itself.
Legal Compliance
Compliance regulations impact how data is collected, used, stored and destroyed. Risks are caused by:
- the failure to do what is required
- the failure to avoid what is prohibited
FIPPs (Fair Information Practice Principles)
Core principles covering:
- Notice, choice and consent
- Access
- Controls
- How information is managed
NIST framework (National Institute of Standards and Technology)
NIST publishes standards and guidelines for managing cybersecurity and privacy risk.
NIST frameworks include:
- Risk Management Framework
- Cybersecurity Framework
- Privacy Framework
NICE framework (National Initiative for Cybersecurity Education)
Published by NIST, it categorizes and describes cybersecurity work. It establishes a common terminology and is intended to be cross-sectoral.
FAIR (Factor Analysis of Information Risk)
Breaks risk into its constituent, estimable factors. The goal is not to eliminate risk but to quantify it so that risk decisions are defensible.
Risk is expressed as a function of the frequency of loss events (how often a violation is expected to occur) and the magnitude of loss per event (how much each violation costs).
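The frequency-times-magnitude decomposition above is what makes FAIR quantitative. As an added illustration (this is not code from the flashcards or from the FAIR standard itself), the following Python script estimates annualized loss exposure for a hypothetical privacy-violation scenario by Monte Carlo simulation: each factor is given as a calibrated min / most-likely / max estimate, sampled with a triangular distribution, and the resulting loss distribution is summarized by percentiles. All scenario figures (event rates, probabilities, loss amounts) are constructed for the example. It also goes one step beyond the text by comparing two hypothetical controls, one that reduces frequency and one that reduces magnitude, which is exactly the kind of comparison that makes a risk decision defensible.

```python
"""FAIR-style Monte Carlo estimate of annualized loss exposure (illustrative)."""
import random
from dataclasses import dataclass, replace
from statistics import mean


@dataclass(frozen=True)
class Estimate:
    """Calibrated estimate of one factor: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # Degenerate range (e.g. a factor fixed at 0) is returned as-is.
        if self.high == self.low:
            return self.low
        # Python's triangular() takes (low, high, mode), not (low, mode, high).
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    """The FAIR factors for one loss scenario.

    tef:  threat event frequency, attempts per year
    vuln: probability that an attempt becomes a loss event (0..1)
    lm:   loss magnitude per loss event, in currency units
    """
    tef: Estimate
    vuln: Estimate
    lm: Estimate


def simulate(scenario: Scenario, trials: int = 10_000, seed: int = 1) -> dict:
    """Return summary statistics of annual loss across `trials` simulated years."""
    rng = random.Random(seed)
    annual_losses = []
    for _ in range(trials):
        # Loss event frequency = threat event frequency x vulnerability.
        lef = scenario.tef.sample(rng) * scenario.vuln.sample(rng)
        # Annual loss = loss event frequency x loss magnitude per event.
        annual_losses.append(lef * scenario.lm.sample(rng))
    annual_losses.sort()

    def pct(p: float) -> float:
        return annual_losses[int(p * (trials - 1))]

    return {
        "mean": mean(annual_losses),
        "p10": pct(0.10),
        "p50": pct(0.50),
        "p90": pct(0.90),
        "max": annual_losses[-1],
    }


def compare_controls(base: Scenario, trials: int = 10_000, seed: int = 1) -> dict:
    """Compare a frequency-reducing control with a magnitude-reducing control.

    Both controls are hypothetical: 'fewer events' halves every vulnerability
    estimate, 'cheaper events' halves every loss-magnitude estimate.
    """
    fewer_events = replace(base, vuln=Estimate(base.vuln.low / 2, base.vuln.mode / 2, base.vuln.high / 2))
    cheaper_events = replace(base, lm=Estimate(base.lm.low / 2, base.lm.mode / 2, base.lm.high / 2))
    return {
        "baseline": simulate(base, trials, seed),
        "fewer_events": simulate(fewer_events, trials, seed),
        "cheaper_events": simulate(cheaper_events, trials, seed),
    }


# Constructed scenario: unauthorized access to a customer database.
# Figures are made up for illustration, not taken from any real assessment.
DB_EXPOSURE = Scenario(
    tef=Estimate(low=2, mode=6, high=20),           # attempts per year
    vuln=Estimate(low=0.05, mode=0.15, high=0.40),  # chance an attempt succeeds
    lm=Estimate(low=20_000, mode=150_000, high=1_200_000),  # cost per event
)

if __name__ == "__main__":
    for name, stats in compare_controls(DB_EXPOSURE).items():
        print(f"{name:15s} mean={stats['mean']:>12,.0f} "
              f"p50={stats['p50']:>12,.0f} p90={stats['p90']:>12,.0f}")
```

Because the factors are sampled from bounded triangular distributions, every simulated annual loss lies between the product of the minimums and the product of the maximums, and setting any single factor to zero drives the whole distribution to zero; both properties are useful sanity checks when calibrating real estimates.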