The Privacy Engineer's Companion : A Workbook of Guidance, Tools, Methodologies, and Templates (1st)

  • Binding: Paperback / 276 p.
  • Language: ENG
  • Product code: 9781484237052
  • DDC classification: 005

Full Description

Engineer privacy into software, systems, and applications. This book is a resource for developers, engineers, architects, and coders. It provides tools, methodologies, templates, worksheets, and guidance on engineering privacy into software—from ideation to release and beyond—for technologies, products, systems, solutions, and applications.
This book can be used in conjunction with the ApressOpen bestseller, The Privacy Engineer's Manifesto. This book trains and equips users to engage in their own privacy scoping requirements workshops, write privacy use cases or "stories" for agile development, document UI privacy patterns, conduct assessments, and align with product and information security teams. And, perhaps most importantly, the book brings clarity to a vitally important need—the protection of personal information—that is often shrouded in mystery during the engineering process. Go from policy to code to QA to value, all within these pages.
         

What You Will Learn

Think of the Fair Information Principles as actionable, normative statements

Decode privacy into functional requirements that can be designed and coded

Prepare and conduct a privacy scoping requirements workshop

Translate privacy requirements into usable stories for agile development

Guide user interface designers in creating privacy controls and interfaces

Assess software, systems, applications, and apps to see if the necessary privacy controls are in place

Create privacy engineering documentation (such as data flow diagrams and privacy impact assessments) so that tribal lore is translated into institutional knowledge

Assess and ready the enterprise to support privacy engineering

Who This Book Is For
Serves multiple stakeholders, including those involved in architecting, designing, developing, deploying, and reviewing systems, products, processes, applications, and apps that process personal information. This workbook will appeal to software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals.

Contents

Section 1: Privacy Engineering is Process, Data, and Innovation Centric

Introduction

Characteristics of Privacy Engineering

Privacy Engineering is Process-Centric

Privacy Engineering is Data-Centric

Privacy Engineering is Innovation-Centric

Privacy Engineering builds on PbD™

Workbook Use Case: MyCareerStages

Conclusion

 

Section 2: The Six Steps of the Privacy Engineering Process

The Aha! Moment

Step 1:  Identifying the Enterprise & User Goals

Step 3:  Mapping Requirements to Offering/Data Processes

Step 4:  Embedding Privacy through Training, Processes and Technology 

Step 5:  Verifying Privacy Requirements are Met - Quality Assurance

Step 6:  If any changes (and there is always change), go back to Step 1 

Conclusion 

 

Section 3: Privacy Engineering Implementation Best Practices

Practice 1:  Establish A Privacy Aware Enterprise

Practice 2:  Document User Goals with Privacy Aware Use Case(s)

Practice 3:  Build and Maintain Your Enterprise Privacy Policy

Practice 4:  Embed Privacy Engineering into Your Existing Development and Operational Lifecycle

Practice 5:  Build Privacy Requirements into Privacy User Stories 

Practice 6:  Embed Privacy Controls via Privacy Enhancing Processes and Technologies 

Practice 7:  Embed Privacy Awareness and Transparency into the Organization 

Practice 8:  Managing Data with Operationalized Governance, Protection and Privacy

Practice 9:  Gathering Requirements and Planning a Privacy Requirements Workshop 

Conclusion 

 

Section 4: Workbook Use Case Details 

Epic 1:  MyJobsFuture 

Epic 2:  MyRecruitingPlace

Epic 3:  MyCareerStages 

My FutureJobsRUs Privacy Statement/Policy

Conclusion

 

Section 5: Exercise Answers for FutureJobsRUs

Exercise 1:  Identify PII

Exercise 2:  Scoping your Organization Questionnaire Example for FutureJobsRUs

Exercise 3:  Draw a Use Case Diagram

Exercise 4:  Map Your Enterprise Policy into Privacy Requirements

Exercise 5:  Capture the Data Inventory

Exercise 6:  Complete Guide for Reviewing a User Diagram for Privacy Requirements

Exercise 7:  Develop Privacy User Stories and Map to Agile Epic

Exercise 8:  Identify Risk, Threat and Vulnerability

Exercise 9:  Scoping Your Enterprise Organization

Exercise 10:  Evaluate Your Design and Development Methodology

Exercise 11:  Document Existing Privacy Enhancing Processes and Privacy Enhancing Technologies

Exercise 12:  Map Privacy User Stories to PETs and PEPs.

Exercise 13:  Develop a Privacy Data Sheet for your use case 

Exercise 14:  Complete a Privacy Impact Assessment for your use case

Exercise 15:  Revisit Step 6 for Epic 2

Exercise 16:  Revisit Step 6 for Epic 3

 

Section 6: Supplemental Information 

Appendix 1:  Terms & Foundational Concepts

Appendix 2:  Operational Definition of Privacy

Appendix 3:  Twelve Privacy Controls Framework

Appendix 4:  Foundational Privacy Actors

Appendix 5:  Agile Privacy Engineered User Stories

Appendix 6:  Layering Privacy Engineering into Existing Development

Appendix 7:  Privacy Requirements Workshop Sample Agenda

Appendix 8:  Privacy Requirements Workshop Sample Slides

References

List of Figures 

List of Tables

 

Section 7:  Worksheet Pull-Outs

Worksheet 1:  Identify PII attributes

Worksheet 2:  Scoping your Organization Questionnaire

Worksheet 3:  Use Case Diagram

Worksheet 4:  Map Enterprise Policy into Privacy Requirements

Worksheet 5:  Capture Data Inventory

Worksheet 6:  Discussion Guide for Reviewing a Context Diagram for Privacy Requirements

Worksheet 7:  Develop Privacy User Stories and Map to Agile Epic

Worksheet 8:  Identify Risk, Threat and Vulnerability

Worksheet 9:  Scoping Your Enterprise Data Foundation

Worksheet 10:  Evaluate Your Design and Development Methodology

Worksheet 11:  Document Existing Privacy Enhancing Processes and Privacy Enhancing Technologies

Worksheet 12:  Map user stories to controls, PETs and PEPs.

Worksheet 13:  Develop a Privacy Data Sheet for a User Story

Worksheet 14:  Privacy Impact Assessment

Worksheet 15: Revisit Step 6 Questions

 

 
