BOK - Coggle Diagram
BOK
I. Foundational Principles
  Privacy Risk Models and Frameworks
    a. Nissenbaum’s Contextual Integrity
    b. Calo’s Harms Dimensions
    c. Legal compliance
    d. FIPPs
    e. NIST/NICE frameworks
    f. FAIR (Factors Analysis in Information Risk)
  Privacy by Design Foundational Principles
    a. Full life cycle protection
    b. Embedded into design
    c. Full functionality
    d. Visibility and transparency
    e. Proactive not reactive
    f. Privacy by default
    g. Respect for users
  Value Sensitive Design
    a. How design affects users
    b. 14 methods
    c. Strategies for skillful practice
  The Data Life Cycle
    a. Collection
    b. Use
    c. Disclosure
    d. Retention
    e. Destruction
II. The Role of IT in Privacy
  Fundamentals of Privacy-related IT
    a. Organization privacy notice
    b. Organization internal privacy policies
    c. Organization security policies, including data classification policies and schema, data retention and data deletion
    d. Other commitments made by the organization (contracts, agreements)
    e. Common IT frameworks
      COBIT
      ITIL
    f. Data inventories
    g. Enterprise architecture and data flows, including cross-border transfers
    h. Privacy impact assessments (PIAs)
  Information Security
    a. Security requirements in commercial transactions and the law
    b. Incident response—security and privacy perspectives
    c. Security and privacy in the systems development life cycle (SDLC) process
    d. Privacy and security regulations with specific IT requirements
  Information Governance
    a. Basic principles
  The Privacy Role of the IT Professional
    a. Providing feedback on policies
    b. Providing feedback on contractual and regulatory requirements
III. Privacy Threats and Violations
  During Data Collection
    a. Asking people to reveal personal information
    b. Surveillance
  During Use
    a. Insecurity
    b. Identification
    c. Aggregation
    d. Secondary use
    e. Exclusion
  During Dissemination
    a. Disclosure
    b. Distortion
    c. Exposure
    d. Breach of confidentiality
    e. Increased accessibility
    f. Blackmail
    g. Appropriation
  Intrusion, Decisional Interference and Self Representation
    a. Behavioral advertising
    b. Cyberbullying
    c. Social engineering
  Software Security
    a. Vulnerability management
    b. Intrusion reports
    c. Patches
    d. Upgrades
    e. Open-source vs. closed-source
IV. Technical Measures and Privacy Enhancing Technologies
  Data Oriented Strategies
    a. Separate
      i. Distribute
      ii. Isolate
    b. Minimize
      i. Exclude
      ii. Select
      iii. Strip
      iv. Destroy
    c. Abstract
      i. Group
      ii. Summarize
      iii. Perturb
    d. Hide
      i. Restrict
      ii. Mix
      iii. Obfuscate
      iv. Dissociate
  Techniques
    a. Aggregation
      i. Frequency and magnitude data
      ii. Noise addition through differential privacy
      iii. Differential identifiability
    b. De-identification
      i. Anonymize
      ii. Pseudonymize
      iii. Labels that point to individuals
      iv. Strong and weak identifiers
      v. Degrees of identifiability
      vi. Types
        k-anonymity
        l-diversity
        t-closeness
      vii. Tokenization
    c. Encryption
      i. Algorithms and keys
      ii. Symmetric and asymmetric
      iii. Crypto design and implementation considerations
      iv. Application or field encryption
      v. Quantum encryption
      vi. Public key infrastructure
      vii. Homomorphic
      viii. Polymorphic
      ix. Mix networks
      x. Secure multi-party computation
      xi. Private information retrieval
    d. Identity and access management
      i. Limitations of access management as a privacy tool
      ii. Principle of least-privilege required
      iii. Role-based access control (RBAC)
      iv. User-based access controls vs. context of authority
      v. Cross-enterprise authentication and authorization models
      vi. Federated identity
      vii. BYOD issues
    e. Authentication
      i. Single/multifactor authentication
      ii. Something you know (usernames, passwords)
      iii. Something you are (biometrics, facial recognition, location)
      iv. Something you have (tokens, keys)
  Process Oriented Strategies
    a. Informing the Individual
      i. Supply
      ii. Notify
      iii. Explain
    b. User Control
      i. Consent
      ii. Choose
      iii. Update
      iv. Retract
    c. Policy and Process Enforcement
      i. Create
      ii. Maintain
      iii. Uphold
    d. Demonstrate Compliance
      i. Log
      ii. Audit
      iii. Report
V. Privacy Engineering
  The Privacy Engineering Role in the Organization
  Privacy Engineering Objectives
    a. Predictability
    b. Manageability
    c. Dissociability
  Privacy Design Patterns
    a. Design patterns to emulate
    b. Dark patterns to avoid
  Privacy Risks in Software
    a. Risks
    b. Countermeasures
VI. Privacy by Design Methodology
  The Privacy by Design Process
    a. Goal setting
    b. Documenting requirements
    c. Understanding quality attributes
    d. Identify information needs
    e. High level design
    f. Low level design and implementation
    g. Impose controls
      Architect
      Secure
      Supervise
      Balance
    h. Testing and validation
  Ongoing Vigilance
    a. Code reviews
    b. Code audits
    c. Runtime behavior monitoring
    d. Software evolution
VII. Technology Challenges for Privacy
  Automated Decision Making
    a. Machine learning
    b. Deep learning
    c. Artificial Intelligence (AI)
    d. Context aware computing
  Tracking and Surveillance
    a. Internet monitoring
    b. Web tracking
    c. Location tracking
    d. Audio and video surveillance
    e. Drones
  Anthropomorphism
    a. Speech recognition
    b. Natural language understanding
    c. Natural language generation
    d. Chatbots
    e. Robots
  Ubiquitous computing
    a. Internet of Things (IoT)
    b. Vehicular automation
    c. Wearable devices
  Mobile Social Computing
    a. Geotagging
    b. Geosocial patterns