Risk Assessment - DPIA
======================

Intro
-----

| The objective of this material is to offer methodological guidance on risk-based security and privacy protection. In particular, the material describes in detail the information security risk assessment and management process based on the relevant international standard ISO/IEC 27005 (2018). It then provides methodological guidance for the data protection impact analysis, based on the recommendations of the National Personal Data Protection Authority in France.
| The material mainly targets DPOs, risk analysts, software engineers, and security and privacy experts. The reader is expected to:

* Understand the concept of risk in security and privacy protection
* Become familiar with the security risk assessment activities and the selection of security strategies based on security risk analysis
* Become familiar with the data protection impact analysis activities and the selection of privacy enhancing tools based on privacy risk analysis
* Understand the similarities and differences between security risk analysis and data protection impact assessment

⇒ `See relevant slides <_static/Appendix_7.pdf>`__

General References
------------------

1. `CNIL Data Impact Assessment `_
2. `ISO/IEC 27005:2018, Information technology — Security techniques — Information security risk management `_
3. `ISO 29134:2017, Information technology — Security techniques — Guidelines for privacy impact assessment `_