Risk Assessment - DPIA

Intro

The objective of this material is to offer methodological guidance on risk-based security and privacy protection. In particular, the material describes in detail the information security risk assessment and management process based on the relevant international standard, ISO/IEC 27005 (2018). It then provides methodological guidance for the data protection impact assessment (DPIA) based on the recommendations of the French national data protection authority (CNIL).
The material mainly targets DPOs, risk analysts, software engineers, and security and privacy experts. After working through it, the reader is expected to:
  • Understand the concept of risk in security and privacy protection

  • Become familiar with the security risk assessment activities and with selecting security strategies based on the results of the security risk analysis

  • Become familiar with the data protection impact assessment activities and with selecting privacy-enhancing tools based on the results of the privacy risk analysis

  • Understand the similarities and differences between security risk analysis and data protection impact assessment

See relevant slides

General References

  1. CNIL, Data Protection Impact Assessment (DPIA) guidance

  2. ISO/IEC 27005:2018, Information technology — Security techniques — Information security risk management

  3. ISO/IEC 29134:2017, Information technology — Security techniques — Guidelines for privacy impact assessment