Tuesday, 21 July 2015

Privacy Engineering Tutorial at TrustCom 2015

Privacy Engineering Tutorial
Held in Conjunction with TrustCom 2015 Helsinki, Finland

Friday 21, August 2015

10h05-11h50 – Session I

The Privacy Engineer’s Manifesto
Jonathan Fox, Michelle Dennedy, Intel/McAfee

“The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging "personal" information economy”

In this session you will learn the guiding principles of privacy engineering; how legal, management, business and process interact, and gain the foundational knowledge for implementation of a privacy engineering programme.

13h10-14h55 – Session II

Invited Talk: Software Engineering Aspects of Privacy
Antti Vähä-Sipiliä, F-Secure

Software security initiatives are becoming more common. We'll cover how privacy engineering can be supported by real-life security practices, and how a modern software development organisation can integrate privacy engineering in both requirements and delivery activities

In this session you will obtain a deep insight into how privacy engineering practices have been applied in a real-world scenario.

15h15-17h00 – Session III

Privacy Engineering
Ian Oliver, Nokia

To construct information systems from small mobile 'apps' to huge, heterogeneous, cloudified systems requires merging together skills from software engineering, legal, security and many other disciplines - including some outside of these fields! Only through properly modelling the system under development can we fully appreciate the complexity of where personal data and information flows; and more importantly, effectively communicate this.

In this session aspects of modeling systems and terminology/ontologies for privacy are presented. This will enable you to better understand, communication and reason about the privacy (and security) aspects of your systems. This session also presents how models of a system, requirements and risk analysis fit together. The session concludes with an overview of analysis techniques such as FMEA, RCA and process integration and auditing will also be presented.

Supporting Material

The tutorials draw upon the material presented in the following books:
  • Ian Oliver (2014). Privacy Engineering: A Dataflow and Ontological Approach. CreateSpace Independent Publishing. 978-1497569713, www.privacyengineeringbook.net
  • Michelle Dennedy, Jonathan Fox, Thomas Finneran (2014). The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value. APress. 978-1430263555

No comments: