The components and objectives of privacy engineering

Data privacy is one of the biggest challenges businesses face today. Growing public concern, strict compliance rules and the increase in cyber threats makes integrating privacy into organizational processes and practices a high priority.

To properly implement confidentiality, two concepts emerge: confidentiality by design and confidentiality engineering.

“Privacy by design translates privacy requirements into an implementation plan,” said William Stallings, author of Information Privacy Engineering and Privacy by Design: Understand privacy threats, technology and regulations based on standards and best practices. “Privacy engineering is the actual implementation, operation and maintenance. “

In the past, privacy was often only considered just before deployment, if at all. Today, privacy must be integrated into the whole development and the deployment process. But how?

In this excerpt from Chapter 2 of Engineering of the confidentiality of information and confidentiality by design, find out how to get started with privacy engineering and find out how security risk assessments and risk management contribute to privacy engineering activities. Download a PDF of Chapter 2 to learn more about privacy by design, privacy and security, privacy versus utility, and usable privacy.

Click here to learn more about

Confidentiality of information
Engineering and confidentiality
by William Stallings.

2.3 Privacy engineering

Privacy engineering encompasses the ongoing implementation, deployment, operation and management of privacy features and controls in systems. Privacy engineering involves both technical capabilities and management processes. The main goals of privacy engineering are:

  • Integrate functional and management practices to meet confidentiality requirements
  • Prevent compromise of PII
  • Mitigate the impact of personal data breach

Although Figure 2.1 shows that privacy engineering is distinct from, and subsequent to, PbD, the term privacy engineering is often used to encompass privacy related activities throughout the system development lifecycle. An example of this is shown in Figure 2.3, adapted from NISTIR 8062.

Pentagon graphic with five components of privacy engineering
FIGURE 2.3 Components of Privacy Engineering

As shown in Figure 2.3, the NIST document lists five components of privacy engineering – two that are specific to the privacy engineering process and three that are components typically used in the management of privacy. ‘information. The components are:

  • Security risk assessment: A security risk is an expectation of loss expressed as the likelihood that a particular threat will exploit a particular vulnerability with a particular harmful outcome. Security risk assessment is a process that (a) systematically identifies valuable system resources and threats to those resources, (b) quantifies loss exposures (i.e. potential losses) on the basis of frequencies and estimated costs of occurrence. Thus, risk assessment follows two parallel tracks. First, for each threat to a resource, the value of the resource is assessed and the potential impact, or cost, if the threat to that resource becomes a successful threat action. Second, based on the strength of a threat, the likelihood of the threat becoming an actual threat action. Finally, the potential impact of the threat and the likelihood of its success are factors determining the risk.
  • Risk management: NIST SP 800-37 (Risk management framework for information systems and organizations) states that risk management includes a disciplined, structured and flexible process for valuing the assets of the organization; selection, implementation and evaluation of security and privacy controls; system and control authorizations; and continue monitoring. It also includes enterprise level activities to help better prepare organizations to run RMF at the system level. Risk management is an interactive process, as shown in Figure 2.4, based on that of ITU-T X.1055 (Risk management and risk profile guidelines for telecommunications organizations), composed of four stages:
    1. Assess risks against existing assets, threats, vulnerabilities, and controls. From this data, determine the impact and likelihood, then the level of risk. This is the risk assessment component described in the previous point.
    2. Identify potential security controls to reduce risk, prioritize their use, and select which controls to implement.
    3. Allocate resources, roles and responsibilities and implement controls.
    4. Monitor and evaluate the effectiveness of risk treatment.

In the context of privacy engineering, the focus is on privacy risk and the implementation of privacy controls. Chapter 11 deals with risk management.

Bubble chart with four components
FIGURE 2.4 Risk management cycle
  • Confidentiality requirements: There are system requirements that are important for privacy. System privacy requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been met. Privacy requirements are derived from a variety of sources, including laws, regulations, standards, and stakeholder expectations. Chapter 3 examines the confidentiality requirements.
  • Privacy impact assessment: The NIST Computer Security Glossary ( defines a PIA as an analysis of how information is processed: (i) to ensure that processing complies with legal requirements, applicable privacy regulations and policies; (ii) to determine the risks and effects of collecting, maintaining and disseminating information in an identifiable form in an electronic information system; and (iii) review and assess protections and alternative information handling processes to mitigate potential privacy risks. Essentially, PIA is a privacy risk assessment followed by a selection of privacy and security controls to reduce the risk. Chapter 11 examines the PIA.
  • Privacy engineering and security objectives: Information security risk assessment focuses on achieving common security objectives, including confidentiality, integrity, and availability (Figure 1.1). Likewise, privacy engineering goals focus on the types of capabilities that the system needs to demonstrate the implementation of an organization’s privacy policies and system privacy requirements. The NISTIR 8062 offers three privacy goals, shown in Figure 2.5. Chapter 3 develops this subject.
Triangular diagram with three components
FIGURE 2.5 Privacy engineering objectives
William stallingWilliam stalling

About the Author
William Stallings has made a unique contribution to the understanding of all technical developments in the field of computer security, computer networks and computer architecture. With more than 30 years of experience, he has been a technical collaborator, technical director and executive in several high-tech companies. Stallings is the author of 18 textbooks and, including revised editions, a total of 70 books on various aspects of these subjects. He holds a doctorate. from MIT in Computer Science and a Bachelor of Science in Electrical Engineering from Notre Dame.

Comments are closed.