Security Threat Risk Assessment: The Final Key Piece of the PIA Puzzle

(IAPP Canada Privacy Symposium 2013)

Learn how to incorporate a security threat risk assessment (STRA) into the process of developing a privacy impact assessment (PIA). Knowing where to incorporate security requirements during the PIA process and what questions to ask is critical to ensuring that risks are accurately identified and addressed prior to a PIA being signed-off on. You’ll learn the importance of integrating security and privacy processes to identify risks to personal information from numerous sources, including system failures, viruses, insider snooping, external attacks and outdated testing and quality assurance practices. An overview of the STRA process will be included, along with tips for identifying key areas of risk. Presenters: Curtis Kore and Angela Swan, CIPP/C, CIPP/IT, British Columbia Lottery Corporation

What you’ll take away:

  • An understanding of how to incorporate security reviews into existing privacy processes
  • Insight on the security threat risk assessment process
  • Key areas of risk that may not be obvious when reviewing a PIA