1 Designing a Privacy Management System International Security Trust & Privacy Alliance.
1 Designing a Privacy Management System International Security Trust & Privacy Alliance

2 Mr. Private I, system designer and charter member of the ISTPA Framework Committee, has been given a real challenge by one of his customers: design a total privacy management system for ALL the corporate databases, which receive, hold, and transfer both customer and employee data, in multiple jurisdictions! WHERE TO BEGIN??? [Diagram: PRIVACY MANAGEMENT]

3 Mr. Private I decided to start at the center of the design challenge: the corporate databases containing the Personal Information (PI). But, from his ISTPA tutorials, he knew that SECURITY was an essential element of privacy management… [Diagram: Personal Information]

4 The system components would need to draw on well-defined SECURITY functions, such as confidentiality, integrity, authentication, and access control. Now, what privacy management services are needed? [Diagram: Personal Information within SECURITY]

5 Since privacy deals with life-cycle management of PI, I needed to fence off that PI data from the rest of the database… [Diagram: Personal Information within SECURITY]

6 Looking ahead, I realized that the “fence” created a boundary and that any dialog about PI would have to cross that boundary. I gave it a name: AGENT. Dialog about PI is handled by the AGENT service… [Diagram: Personal Information within SECURITY; services: AGENT]

7 The AGENT will need to interface to the world outside the database and interact with other system elements, so I created an INTERACTION service. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION]

8 Procedures, best practices, legislation, and jurisdictional mandates will govern the collection, access, and use of PI. A CONTROL service is needed to execute the particular privacy “policy” against the PI database… [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL]

9 Privacy is the proper use of PI throughout its life cycle, consistent with the permission of the subject and applicable laws/policies. As PI is collected and maintained, an AGREEMENT service is needed to arbitrate with the PI subject the permissible use of the PI… [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT]

10 Reflect on the concept of “proper use of PI throughout its life cycle”, which is a core management requirement in the definition of privacy. Subsequent use of PI by other system entities could involve transfer, linking, inference, and even re-negotiation of permissions. I added a USAGE service for that purpose… [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE]

11 PI is “personal” information about the subject. Since the use of the PI is to be “proper” and “consistent with the permission of the subject and applicable laws/policies”, the subject should be able to access, review, and possibly correct PI about the subject held by another entity. Thus, the ACCESS service… [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS]

12 Given the assumed value of the PI collected in the database, the privacy management system should itself make every effort to check the accuracy of PI at any point in its life cycle. The VALIDATION service does the checking, through the AGENT service. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION]

13 “Users” should have the proper credentials to use the system. The CERTIFICATION service will manage and check those credentials for any entity involved in processing PI. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION]

14 The privacy management system needs its own “watchdog” to record, maintain, and report any and all relevant events in order to subsequently confirm compliance. For that reason, I added the AUDIT service. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT]

15 What should happen IF the system fails in some aspect of privacy management or violates an accepted tenet of the system? The ENFORCEMENT service handles redress in such cases. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT]

16 PI SUBJECTS will interact with the system, as will PI REQUESTORS. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT; external entities: SUBJECT, REQUESTOR]

17 WHEW! Mr. Private I needed a rest after all that design. I had identified 10 privacy SERVICES, but how did they work together to create an operational privacy management system? I needed to experiment with a few use cases… [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT; external entities: SUBJECT, REQUESTOR]

18 I started simple: consider an employer application like Payroll that requests certain PI from an employee… [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT; external entities: SUBJECT, REQUESTOR]

19 Through the employer's AGENT and INTERACTION services, a NOTICE of the purpose and use of the requested PI is presented to the SUBJECT. The PI, together with the permissible purpose/use, is submitted for VALIDATION, then stored in the PI database by CONTROL. Through CONTROL, the PI is shared with the REQUESTOR. [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT; external entities: SUBJECT, REQUESTOR; flows labelled NOTICE and PI]
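The Payroll flow above, as an added toy model that is not code from the ISTPA presentation: CONTROL fences the PI store, VALIDATION checks a record before it is stored, AGREEMENT binds it to the purposes the SUBJECT accepted after the NOTICE, a REQUESTOR receives PI only when it is certified for the purpose and that purpose was agreed (USAGE and CERTIFICATION), AUDIT records every step, and a refused request is recorded for ENFORCEMENT. The requestor credentials, the field checks and the sample record are constructed assumptions, as is the mapping of services to methods.

```python
from dataclasses import dataclass, field

# CERTIFICATION: which purposes each requestor is credentialed for (constructed data).
CERTIFIED_REQUESTORS = {"payroll-app": {"payroll"}}


@dataclass
class PIStore:
    """CONTROL: the fenced-off PI database, reachable only through these methods."""
    records: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)  # AUDIT: every relevant event

    def audit(self, event: str, **details) -> None:
        self.audit_log.append({"event": event, **details})

    def validate(self, pi: dict) -> bool:
        """VALIDATION: plausibility checks on the PI before it is stored (assumed rules)."""
        ok = (pi.get("employee_id", "").isdigit()
              and bool(pi.get("name", "").strip())
              and pi.get("bank_iban", "").replace(" ", "").isalnum())
        self.audit("validation", subject=pi.get("employee_id"), result=ok)
        return ok

    def collect(self, subject_id: str, pi: dict, agreed_purposes: set) -> bool:
        """AGREEMENT + CONTROL: store PI bound to the purposes the SUBJECT accepted
        after seeing the NOTICE (the NOTICE/AGREEMENT dialog itself is not modelled)."""
        if not self.validate(pi):
            return False
        self.records[subject_id] = {"pi": pi, "purposes": set(agreed_purposes)}
        self.audit("stored", subject=subject_id, purposes=sorted(agreed_purposes))
        return True

    def request(self, requestor: str, subject_id: str, purpose: str):
        """USAGE: release PI only to a requestor certified for a purpose the SUBJECT agreed to."""
        certified = purpose in CERTIFIED_REQUESTORS.get(requestor, set())
        record = self.records.get(subject_id)
        agreed = record is not None and purpose in record["purposes"]
        if certified and agreed:
            self.audit("released", requestor=requestor, subject=subject_id, purpose=purpose)
            return record["pi"]
        # ENFORCEMENT: a refused request is recorded with the reason so it can be redressed.
        self.audit("denied", requestor=requestor, subject=subject_id, purpose=purpose,
                   certified=certified, agreed=agreed)
        return None
```

A request for a purpose the subject never agreed to, or from a requestor without the matching credential, is refused and leaves a "denied" audit entry rather than silently failing.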

20 (ADDITIONAL USE CASES…) [Diagram: Personal Information within SECURITY; services: AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT; external entities: SUBJECT, REQUESTOR]