Privacy Engineering Flashcards
It involves taking account of privacy during the entire life cycle of ICT
Privacy engineering
focuses on implementing techniques that decrease privacy risks and enables organizations to make purposeful decisions about resource allocation and effective implementation of controls in information systems
Privacy engineering
Privacy engineering involves both technical capabilities and management processes. The primary goals of privacy engineering are to:
- Incorporate functionality and management practices to satisfy privacy requirements
- Prevent compromise of PII
- Mitigate the impact of breach of personal data
is an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result
Security Risk Assessment
includes a disciplined, structured, and flexible process for organizational asset valuation; security and privacy control selection, implementation, and assessment;
Risk management
What are the four steps of Risk Management iterative process?
Assess risk based on assets, threats, vulnerabilities, and
existing controls. From these inputs, determine impact
and likelihood and then the level of risk.
o Identify potential security controls to reduce risk,
prioritize their use, and select controls for
implementation.
o Allocate resources, roles, and responsibilities and
implement controls.
o Monitor and evaluate risk treatment effectiveness.
are system requirements that have privacy relevance.
Privacy requirements
is an analysis how information is handled: to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy;
Privacy impact assessment (PIA)
focus on the types of capabilities the system needs to demonstrate the implementation of an organization’s privacy policies and system privacy requirements
Privacy engineering and security objectives
