

Genomic Privacy Threat Modeling
Ask the Expert ft. Stuart Shapiro
Synopsis:
Prima facie high-risk applications demand commensurately rigorous analytical methods. Recognizing this, the NIST National Cybersecurity Center of Excellence’s project on Cybersecurity and Privacy of Genomic Data developed appropriately thorough methodologies for cybersecurity and privacy threat modeling. How was this latter methodology developed, how does it relate to the cybersecurity methodology, and how effective was it? What impact could this and similarly rigorous methodologies have on privacy risk in real-world environments?
Problem Statement:
What are the pros and cons of applying more ambitious structured and systematic analytical techniques to privacy? Is the effort worth the cost? Is privacy professional praxis in general capable of incorporating and deploying such methodologies? If it is, how willing is it to do so?
Related Information:
Privacy threat modeling
Genomic privacy
Pre-Discussion Resources:
Learn (a lot) more about this work at: https://www.nccoe.nist.gov/projects/cybersecurity-and-privacy-genomic-data
Guest Expert: Stuart Shapiro
At Nemo Jr Consulting, Stuart offers expert guidance to organizations in identifying and addressing privacy and security risks involving information and operational technology in diverse environments. Previously, he was a cyber security and privacy engineer at the MITRE Corporation for 20+ years, where he provided strategic and technical support to US federal and state agencies. Focusing on risk management across a broad range of technologies and mission areas, he developed and applied new processes and methodologies, including the MITRE PANOPTIC™ privacy threat model, System-Theoretic Process Analysis for Privacy (STPA-Priv), and Lifecycle Ethical Analysis (LEA) for AI-based systems.
Moderator: Jason Cronk
With over two decades of experience in principle and trust consultancy, Jason Cronk is a seasoned privacy engineer, developer, author of the IAPP textbook “Strategic Privacy by Design,” Privacy Engineering Section Leader at the IAPP, and founder and president of the Institute of Operational Privacy Design. His knowledge and involvement reach across the spectrum as an active member of the academic, engineering, legal and professional privacy communities and a pioneering voice in the development of privacy by design.