PRIAM: A Privacy Risk Analysis Methodology

De, Sourya Joyee; Métayer, Daniel Le

doi:10.1007/978-3-319-47072-6_15

Cited by 35 publications

(64 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our approach is inspired by previous works on PRA [12][13][14], [16,17], [36] while introducing three analysis levels to enhance reusability: Phase 1 (Generic PRA) takes as inputs the specification and the generic components of the system and yields generic privacy harm trees. This phase has to be carried out only once for a given category of products, regardless of their architectures or deployment context.…”

Section: General Approachmentioning

confidence: 99%

“…This phase has to be carried out only once for a given category of products, regardless of their architectures or deployment context. Its main steps are [12]:…”

Section: General Approachmentioning

confidence: 99%

“…In this paper, we show how reusability can also be applied to privacy risk analysis. The framework presented in this paper builds on previous work on privacy risk analysis [12,13] precisely to make reusability possible at several stages. Our methodology supports vertical reuse [37], i.e., the reuse of the generic harm trees resulting from Phase 1 for all architectures and the architecture-specific harm trees resulting from Phase 2 for all contexts.…”

Section: Choice Of Architecturementioning

confidence: 99%

“…Similar types of trees (sometimes called "threat trees" or "attack trees") have been used for PRA [12], [13], [16,17], [36]. However, the focus of the work described here is not the risk analysis itself, but its adaptation and application to the architecture selection process.…”

Section: Choice Of Architecturementioning

confidence: 99%

“…A large body of literature has been devoted to data protection impact assessment and privacy impact assessment (PIA) [8][9][10], [19], [22], [31,32]. However, most of these papers focus on legal and organizational aspects and do not provide many details on the technical aspects of the impact assessment (Privacy Risk Analysis or PRA, here) [12], [14], which may be challenging and time consuming in practice. The objective of this paper is to fill this gap and to propose a methodology which can be applied to conduct a PRA in a systematic way, to use its results in the architecture selection process (following the privacy by design approach [4]) and to re-use its generic part for different products or deployment contexts.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A Refinement Approach for the Reuse of Privacy Risk Analysis Results

Métayer

2017

Privacy Technologies and Policy

Self Cite

View full text Add to dashboard Cite

Section: General Approachmentioning

confidence: 99%

“…This phase has to be carried out only once for a given category of products, regardless of their architectures or deployment context. Its main steps are [12]:…”

Section: General Approachmentioning

confidence: 99%

Section: Choice Of Architecturementioning

confidence: 99%

Section: Choice Of Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Refinement Approach for the Reuse of Privacy Risk Analysis Results

Métayer

2017

Privacy Technologies and Policy

Self Cite

View full text Add to dashboard Cite

Evolution of secure development lifecycles and maturity models in the context of hosted solutions

Lange,

Kunz

2024

J Software Evolu Process

View full text Add to dashboard Cite

Organizations creating software commonly utilize software development lifecycles (SDLCs) to structure development activities. Secure development lifecycles (SDLs) integrate into SDLCs, adding security or compliance activities. They are widely used and have been published by industry leaders and in literature. These SDLs, however, were mostly designed before or while cloud services and other hosted solutions became popular. Such offerings widen the provider's responsibilities, as they not only deliver software but operate and decommission it as well. SDLs, however, do not always account for this change. Security maturity models (SMMs) help to assess SDLs and identify improvements by introducing a baseline to compare against. Multiple of these models were created after the advent of hosted solutions and are more recent than commonly referenced SDLs. Recent SMMs and SDLs may therefore support hosted solutions better than older proposals do. This paper compares a set of current and historic SDLs and SMMs in order to review their support for hosted solutions, including how support has changed over time. Security, privacy, and support for small or agile organizations are considered, as all are relevant to hosted solutions. The SDLs analyzed include Microsoft's SDL, McGraw's Touchpoints, the Cisco's SDL, and Stackpole and Oksendahl's SDL2. The SMMs reviewed are OWASP's Software Assurance Maturity Model 2 and DevSecOps Maturity Model. To assess the support for hosted solutions, the security and privacy activities foreseen in each SDLC phase are compared, before organizational compatibility, activity relevance, and efficiency are assessed. The paper further demonstrates how organizations may select and adjust a suitable proposal. The analyzed proposals are found to not sufficiently support hosted solutions: Important SDLC phases, such as solution retirement, are not always sufficiently supported. Agile practices, such as working in sprints, and small organizations are often not sufficiently considered as well. Efficiency is found to vary based on the application context. A clear improvement trend from before the proliferation of hosted solutions cannot be identified. Future work is therefore found to be required.

show abstract

A risk‐based methodology for privacy requirements elicitation and control selection

Manna

Sengupta

Mazumdar

2021

Security and Privacy

View full text Add to dashboard Cite

The purpose of the paper is to provide a comprehensive privacy model for identifying the privacy risks of an enterprise based on its privacy requirements. A risk-based methodology for automated privacy control selection against identified privacy requirements is also proposed. The privacy model has been designed using first order logic and it is semi-formal in nature. Privacy risks are defined using the proposed formalism in terms of privacy properties. Algorithm for assessing privacy risk considering the actual information infrastructure of the enterprise is proposed. Based on the risk assessment, appropriate privacy controls should be selected from a control database. An algorithm for the same is also proposed. This methodology is easy to implement and can be used by any mid or large-scale enterprise for privacy control implementation. The effectiveness of our proposed approach is shown using a case study. From the literature review, it has emerged that there is a dearth of comprehensive privacy models that can identify the privacy requirements emanating from different sources and can eventually help the enterprise to implement privacy controls as per privacy requirements. The proposed model attempts to address this research gap by helping an enterprise to identify the specific privacy requirements and automatically select privacy controls from an appropriate knowledge base. Privacy requirements can be customized as per the needs of the enterprise.

show abstract

PRIAM: A Privacy Risk Analysis Methodology

Cited by 35 publications

References 19 publications

A Refinement Approach for the Reuse of Privacy Risk Analysis Results

A Refinement Approach for the Reuse of Privacy Risk Analysis Results

Evolution of secure development lifecycles and maturity models in the context of hosted solutions

A risk‐based methodology for privacy requirements elicitation and control selection

Contact Info

Product

Resources

About