The Privacy Engineer's Companion

Answers for FutureJobsRUs

Exercise 1: Identify PII

Exercise 2: Scoping your Organization Questionnaire Example for FutureJobsRUs

Exercise 3: Draw a Use Case Diagram

Exercise 4: Map Your Enterprise Policy into Privacy Requirements

Exercise 5: Capture the Data Inventory

Exercise 6: Complete Guide for Reviewing a User Diagram for Privacy Requirements

Exercise 7: Develop Privacy User Stories and Map to Agile Epic

Exercise 8: Identify Risk, Threat and Vulnerability

Exercise 9: Scoping Your Enterprise Organization

Exercise 10: Evaluate Your Design and Development Methodology

Exercise 11: Document Existing Privacy Enhancing Processes and Privacy Enhancing Technologies

Exercise 12: Map Privacy User Stories to PETs and PEPs.

Exercise 13: Develop a Privacy Data Sheet for your use case

Exercise 14: Complete a Privacy Impact Assessment for your use caseExercise 15: Revisit Step 6 for Epic 2



Exercise 16: Revisit Step 6 for Epic 3



Section 6: Supplemental Information

Appendix 1: Terms & Foundational Concepts

Appendix 2: Operational Definition of Privacy

Appendix 3: Twelve Privacy Controls Framework

Appendix 4: Foundational Privacy Actors

Appendix 5: Agile Privacy Engineered User StoriesAppendix 6: Layering Privacy Engineering into Existing Development



Appendix 7: Privacy Requirements Workshop Sample Agenda

Appendix 8: Privacy Requirements Workshop Sample Slides

References

List of Figures

List of Tables



Section 7: Worksheet Pull-Outs

Worksheet 1: Identify PII attributes

Worksheet 2: Scoping your Organization Questionnaire

Worksheet 3: Use Case Diagram

Worksheet 4: Map Enterprise Policy into Privacy Requirements

Worksheet 5: Capture Data Inventory

Worksheet 6: Discussion Guide for Reviewing a Context Diagram for Privacy Requirements

Worksheet 7: Develop Privacy User Stories and Map to Agile Epic

Worksheet 8: Identify Risk, Threat and Vulnerability

Worksheet 9: Scoping Your Enterprise Data Foundation

Worksheet 10: Evaluate Your Design and Development Methodology

Worksheet 11: Document Existing Privacy Enhancing Processes and Privacy Enhancing Technologies

Worksheet 12: Map user stories to controls, PETs and PEPs.

Worksheet 13: Develop a Privacy Data Sheet for a User Story

Worksheet 14: Privacy Impact Assessment

Worksheet 15: Revisit Step 6 Questions

(OASIS) UML Standard for privacy analysis. Tom was a consultant for over 25 years for CIBER, Inc. He has acquired over 25 years of experience in the field of information technology. His strengths include: enterprise (including data, information, knowledge, business, and application) architecture, business and data analysis, UML object analysis and design, logical data modeling, database systems design and analysis, information resource management methodologies, CASE and metadata repository tools, project management, and computer law. He is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. Tom has developed and taught training courses in the areas of use cases, relational concepts, strategic data planning, logical data modeling, and the utilization of CASE tools, among others. He is also an experienced intellectual property patent lawyer. For various companies, he has held titles such as director, MIS; manager, corporate data strategy; manager, data administration; managing consultant; manager, standards and education; and systems designer. These companies include the Standard Oil Company, Corning Glass Works, ITT, ADR, and the US Navy. In addition, he was vice president and general counsel of TOMARK, Inc., and the developer of the highly successful ABEND-AID software package. Tom has a BA degree from Ohio State University, an MBA degree from Roosevelt University, and a JD degree from Cleveland State University. He is a member of the bar of the US Supreme Court and a member of the bar of Ohio, New Jersey, and Connecticut, and a member of the Patent Bar.Lisa Bobbitt, CISSP, CIPM, is the lead Privacy Engineering architect in Cisco's Privacy Office. She is passionate about embedding privacy awareness, governance, and technology across Cisco by building on the foundation of years of working and innovating (six patents) in mainframe connectivity, mobile routing protocols, innovative concepts in 3D, voice/video/data in Stadium Vision, government adaptation, and trustworthy systems. Lisa believes that every person is a digital citizen and should be a privacy advocate, starting with understanding the value of authorized use of our personally identifiable information and that the processors of our personal data are making it easy for each of us to manage our PII. She has a BS degree in Computer Science from North Carolina State University and an MBA degree from Duke University.Michele D. Guel is a Distinguished Engineer in Cisco's Trust Strategy Office. Her current focus and passion is formulating security and privacy strategies for smart connect communities (Internet of Things). During her 22 years at Cisco, she has had the opportunity to work on all facets of cybersecurity and had the opportunity to establish many "Firsts" at Cisco. As a security architect for many years, Michele was always about "Building it in, not bolting it on." She is now bringing this passion to the privacy field with a focus on privacy engineering in the IoT space. Michele holds the following certifications: CISSP, CIPM, GSEC401, and is a member of the IEEE P7002 Personal Data Privacy Working Group. She has an MS in Software Engineering with a concentration in Cybersecurity. Michele has been an avid participant, speaker, teacher, influencer, and evangelist in the cybersecurity industry for over 27 years.