Columns: ANALYSIS ID | BEFORE PLAN | PERCENT IMPROVEMENT | NEW VALUE | Quality Management worksheet completed for this element? (check box)
Physical
Perform a visual walk-through of your company and observe how separately harmless pieces of information can be combined to violate privacy.
Carefully examine all front-desk/reception area procedures, including sign-in, badging, and information gathering.
Institute policies for simple things such as erasing white boards, and clean-desk policies for private information.

Network
Define any electronic-monitoring (e-monitoring) policies and procedures, and clearly communicate them to all affected people.
An outside attacker who reads private data violates privacy just as an overly aggressive company does. Design network security with privacy in mind.
To the extent you can, isolate extremely private information onto a well-known group of well-secured network segments.
Application
Reconfigure or (re)design applications to deter intentional misuse of private information.
Logically partition private information across applications so that compromising one application does not expose the data held by another; this reduces the value of any single compromise.
Determine any way in which your applications unwittingly combine information to violate your security policy.
Identify existing applications, and design new ones, that "clean up" after themselves (for example, temporary files, caches, and logs) so they do not leak private information.

Operating System
Review and revise your operating system access control matrix so that it addresses your privacy objectives.
Identify administrator errors that easily unravel privacy, and develop technologies and procedures to reduce the chance of such errors.

Worksheet 3.22 Security Stack Worksheet for Privacy. (continued)

Implement an overall security architecture that protects information privacy according to the impact analysis plan. If, for example, an organization sends sensitive customer records in the clear over the Internet, then it has not adequately protected the privacy of customer information. Your security privacy plan may distinguish between the relative privacy of the parts of your network behind and in front of your firewall(s), though I generally caution against making such "relativity" assumptions. From my point of view, high-impact applications always need protection over any part of your network. If, however, you decide to make these assumptions, you might, for example, choose to encrypt network transport of sensitive private information going over the Internet but not within your firewall.
APPLICATION
Design applications to protect private information from hackers and to prevent abuse of private information by the organization itself. Applications protect information by incorporating other security planning elements such as access control and encryption. Applications abuse information by unwittingly sharing private information and by making use of information that the organization's privacy policies and procedures would otherwise disallow. For example, suppose your organization has access to more detailed information about a given customer than he or she has directly provided to you (such as from a mass-marketing consumer database or a partner or supplier database). This does not mean you are free to combine that information with what you already have and to sell it, or even to use it to service the customer, unless the customer has granted permission. Whether you may do so is determined by your organization's privacy policies and procedures and by the permissions your customers have granted.
Design applications to prevent the violation of private information as defined by the organization's privacy policies. "Backdoor" information sharing, information-tracking tactics, and inappropriate aggregation of private information are examples of such poor design choices.
OPERATING SYSTEM
Coordinate access control and privacy management. At the operating system level, access control and privacy management are tied closely together. Lack of operating-system-level security provides tremendous opportunities to violate privacy by enabling unauthorized access to private information held in places such as files, directories, databases, and in memory. A breakdown of access control leads to a breakdown of privacy. Moreover, operating systems that are either misconfigured or poorly implemented, leaving information from one user accessible to another, also represent a threat.
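One concrete check for the access-control point above, added here as an example and not taken from the book or its worksheets: a small Python audit that walks the directories an organization has classified as holding private information and flags every file or directory whose permission bits expose it beyond its owner and its group's read access. The classification (the `PRIVATE_ROOTS` tuple), the sample directory layout, and the suggested replacement modes are assumptions constructed for the example; the sample tree is built in a temporary directory with deliberate permission mistakes of the kind an administrator makes with a careless chmod or umask.

```python
import os
import stat
import tempfile

# Hypothetical classification for this example: every path under these
# directories (relative to the audited root) holds private information.
PRIVATE_ROOTS = ("customer-data",)

# Permission bits that let users outside the owning group read or alter data.
EXPOSING_BITS = (
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IWGRP, "group-writable"),
)


def audit_private_tree(root, private_roots=PRIVATE_ROOTS):
    """Walk the private subtrees under `root` and report every file or
    directory whose mode bits expose it beyond owner and group-read.
    Returns findings sorted by path; an empty list means no exposure."""
    findings = []
    for rel in private_roots:
        base = os.path.join(root, rel)
        if not os.path.isdir(base):
            continue
        for dirpath, _dirnames, filenames in os.walk(base):
            # Audit the directory itself as well as its files: a world-readable
            # directory leaks file names even when the files are locked down.
            candidates = [dirpath] + [os.path.join(dirpath, n) for n in filenames]
            for path in candidates:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # a link's own mode is meaningless; its target is audited where it lives
                mode = stat.S_IMODE(st.st_mode)
                problems = [label for bit, label in EXPOSING_BITS if mode & bit]
                if problems:
                    is_dir = stat.S_ISDIR(st.st_mode)
                    findings.append({
                        "path": os.path.relpath(path, root),
                        "mode": oct(mode),
                        "problems": problems,
                        # Owner full access, group read (plus traverse for directories), nothing for others.
                        "suggested_mode": "0o750" if is_dir else "0o640",
                    })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Create a constructed layout with deliberate mistakes (not real data).
    Returns the temporary root directory."""
    root = tempfile.mkdtemp(prefix="privacy-audit-")
    layout = {  # relative path -> (is_dir, mode); parents listed before children
        "customer-data": (True, 0o750),
        "customer-data/records.db": (False, 0o640),
        "customer-data/export.csv": (False, 0o644),    # mistake: world-readable export
        "customer-data/scratch": (True, 0o777),        # mistake: wide-open scratch directory
        "customer-data/scratch/dump.log": (False, 0o666),
        "public": (True, 0o755),
        "public/index.html": (False, 0o644),           # not classified private: no finding
    }
    for rel, (is_dir, mode) in layout.items():
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("constructed sample content\n")
        os.chmod(path, mode)  # explicit chmod so the process umask does not hide the mistake
    return root


if __name__ == "__main__":
    for finding in audit_private_tree(build_sample_tree()):
        print(finding["path"], finding["mode"], ", ".join(finding["problems"]),
              "-> suggest", finding["suggested_mode"])
```

Run against a real tree, the same function reports administrator slips such as an export written with a permissive umask; the suggested modes are a starting point and should be reconciled with the group membership your access control matrix actually intends.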
Life-Cycle Management
Use Worksheet 3.23 here.
TECHNOLOGY SELECTION
Write privacy requirements for all technology implemented as part of the security stack. These requirements are driven by your privacy policies and procedures. The key is to think about privacy up front, during technology selection and implementation. The same idea can, of course, be applied to existing technology that you are auditing from a privacy standpoint. Remember that nearly all technology has the potential to violate privacy in one way or another, regardless of whether its design has anything to do with privacy in the first place. Carefully test technology implemented within your security stack for privacy holes, and carefully review test plans and results so that you are reasonably assured that privacy is maintained in accordance with your requirements.
IMPLEMENTATION
Implement safeguards to prevent privacy from being violated, as driven by your organization's policies and procedures. In implementation and operations, the customer service interface to any organization (be it the front desk or the support desk) is a common place to find a weak spot in privacy implementation. Customer service organizations, as one example, routinely violate the privacy of those they service by sharing information they should not. Often this happens because the technology has been implemented in such a way that representatives have too much access to information without appropriate safeguards. For example, customer service representatives should not be able to access private customer information without first securely entering, into their workstation, authentication information received from the customer. The customer's private information, and the ability to act on that information, should not be available to the representative until the customer authentication has succeeded.
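How such a gate can be enforced by the application rather than left to the representative's judgement, as an added Python example that is not code from the book: the customer secret (a PIN here), the sample account, the audit-record shape, and the three-attempt lockout are assumptions made for the example. The verification secret is stored only as a salted PBKDF2 hash and compared in constant time, the pre-verification view exposes just enough to confirm the caller has the right account, and both reading the private record and acting on it are refused until the customer has been verified in this session.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def hash_secret(secret, salt):
    """Salted PBKDF2-HMAC-SHA256 of the customer's verification secret
    (a PIN in this example) so the store never holds it in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class Customer:
    account_id: str
    display_name: str   # non-private: enough to confirm the caller reached the right account
    salt: bytes
    secret_hash: bytes
    private: dict       # address, date of birth, payment details, ...


class VerificationRequired(PermissionError):
    """Raised when private data or a privileged action is requested before verification."""


class CustomerServiceSession:
    """One representative's session. Private fields and privileged actions are
    gated on a successful customer verification for that specific account."""

    MAX_ATTEMPTS = 3  # assumed lockout threshold for this example

    def __init__(self, rep_id, store):
        self.rep_id = rep_id
        self._store = store
        self._verified = set()   # account_ids verified in this session
        self._failures = {}      # account_id -> failed verification attempts
        self.audit = []          # (rep_id, account_id, event) tuples

    def _log(self, account_id, event):
        self.audit.append((self.rep_id, account_id, event))

    def lookup(self, account_id):
        """Pre-verification view: non-private fields only."""
        c = self._store[account_id]
        self._log(account_id, "lookup")
        return {"account_id": c.account_id, "display_name": c.display_name}

    def verify(self, account_id, supplied_secret):
        """Check the secret the customer provided; after MAX_ATTEMPTS failures the
        account stays locked for this session even if the right secret is offered."""
        c = self._store[account_id]
        if self._failures.get(account_id, 0) >= self.MAX_ATTEMPTS:
            self._log(account_id, "verify-locked")
            return False
        ok = hmac.compare_digest(hash_secret(supplied_secret, c.salt), c.secret_hash)
        if ok:
            self._verified.add(account_id)
            self._log(account_id, "verify-ok")
        else:
            self._failures[account_id] = self._failures.get(account_id, 0) + 1
            self._log(account_id, "verify-failed")
        return ok

    def _require_verified(self, account_id, action):
        if account_id not in self._verified:
            self._log(account_id, f"{action}-denied")
            raise VerificationRequired(f"{action}: customer {account_id} not verified")

    def private_record(self, account_id):
        """Private fields, released only after verification; returns a copy."""
        self._require_verified(account_id, "read-private")
        self._log(account_id, "read-private")
        return dict(self._store[account_id].private)

    def update_address(self, account_id, new_address):
        """Acting on the record is gated exactly like reading it."""
        self._require_verified(account_id, "update-address")
        self._store[account_id].private["address"] = new_address
        self._log(account_id, "update-address")
        return True


def make_store():
    """Constructed sample data for the example; not a real customer."""
    salt = os.urandom(16)
    return {
        "acct-1001": Customer(
            account_id="acct-1001",
            display_name="A. Example",
            salt=salt,
            secret_hash=hash_secret("4821", salt),
            private={"address": "1 Sample St", "dob": "1980-01-01", "card_last4": "4242"},
        )
    }
```

The audit list is what lets you later answer the question this section raises: which representative looked at which record, and whether a verification preceded it. In a real deployment the failure counter belongs in shared storage so a representative cannot reset it by opening a new session.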
OPERATIONS
Operate systems in accordance with established privacy policies and procedures. Your plan should incorporate operational training so that users know what they should and should not do.
Worksheet 3.23 Life-Cycle Management Worksheet for Privacy.