PRIPARE Software Methodology Assignment Help
Analysis of “PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology”
Introduction
The paper which has been identified for the analysis is “PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology” by Notario et al. [1]. The articles is about the different stages of system development lifecycle, through which different privacy analysis approaches can be identified and integrated for developing a standardized solution of privacy protection. The core purpose of this report is to analyze the core content and findings of the identified research paper, such that different privacy design approaches can be assessed, knowledge of system engineering methodology can be extended and the relevance of research paper with course can be identified. The research paper is analyzed by stating its purpose and then by highlighting the key findings of the course. The different approach of data privacy detailed in research paper are mentioned and then procedures through which integration of two approaches can be carried out is also highlighted. Finally, the significance of research and its connection with course is also mentioned.
Analysis of Research Paper Assignment Help
The research paper has focused on the report of Preparing Industry to Privacy by Design by supporting its Application in Research (PRIPARE) with an aim of gaining insight of analysis and design stages of System Development Lifecycle (SDL) [1]. The authors have further reviewed that existing approaches of privacy analytics, such that their positive and negative aspects can be identified and their integration can be carried out by combining with standardization efforts.
The incorporation of privacy by design principles is regarded as important for incorporation of privacy into system engineering methodology, yet the current abstract nature of principles and lack of integration into single system methodological perspective, make it hard for system engineers to gain clear insight of the notion. These issues are well addressed in PRIPARE report and the study of [1] has mainly addressed two aspects for identifying operational privacy requirements during software development process. The first is risk based approach, while other is goal oriented approach. The paper has carried out in-depth analysis of both approaches, such that risk based approach has been considered as identification of threats to privacy, assessment of risk encompassing its probability and impact and then proposal of treatment to deal with the risk [1,3]. Thus, the system design engineers who focus on risk based approach are required to consider measures at design stage to cope with the privacy threats. On the other hand, the goal oriented approach addresses different principles or goals which are fulfilled with the purpose of ensuring higher level of privacy in system development. The goals could be related to data protection, accountability, anonymity of user and privacy of content. All of the major goals are divided into low level guidelines and based on the priority level of requirements, privacy goals are met [2]. Thus, based on the conformance with privacy goals, system engineers may assure higher level of data protection.
One of the different aspect of study of [1] is based on the notion that authors have carried out comparison of risk based and goal oriented approaches and have found their commonalities as well differentiating aspects. Authors have also highlighted that these system complement each other, for instance, the risk based approach prevents threats which are left by goal oriented approach during the design of the system [1]. Thus, the only difference in the ways through which privacy issue is tackled by these two approaches, while the goal of privacy and data protection in system development remains same for both approaches [5]. Moreover, the contrasting features of these approaches are also detailed which make goal oriented approach more easily applicable by system engineers. Likewise, authors have also cited different frameworks which supports the view that both risk based and goal oriented approaches can be integrated to define an effective privacy solution [4]. Another significant aspect of the research states that sometimes implementation of one approach is confused with the name of other. For instance, when in actual system engineers focus on achievement of privacy target but consider it as risk based approach. Therefore, the study has mentioned that lines of goal and threats are blurred and difficulty to differentiate between the two approaches can be linked with blurry difference between risk and targets.
Further, as the study has maintained core focus on PRIPARE’s methodology, so it has considered that both of the approaches can be combined effectively, such that first the privacy risks are lowered through goals based approach and then any system specific uncertainties are addressed further through risk based approach [6]. The research has provided details of both methodologies by combining the historical perspective with contemporary use of these methods for privacy protection. For instance, it has been mentioned that risk management approach is used for security purposes since World War II, yet it has been combined with privacy based principles in recent years to use for privacy and data protection system development [1,8]. Moreover, while mentioning the details on implementation of risk based approach, it has been given by authors that Privacy Impact Assessment (PIA) is carried out at the first phase. The risk assessment is mainly carried out through standards methodologies, guidelines and frameworks and own insights of the system engineers is also used [7]. The research has also detailed the elements which are highlighted in PRIPARE’s methodology, encompassing; compliance with legal framework, measurement of impact, measurement of risk and addressing the privacy issues [1]. In the first element, legal requirements are identified and then all system elements are complied with the law [4]. At this step legal compliance questionnaires are used to assure that whole project is legally complied. The second element assures that risks are not measured only in traditional terms but impact is measured both for organization as well as for data subject by considering identify-ability and sensitivity of data. Likewise, the PRIPARE’s methodology also provides scales for measurement of risk and for addressing the issues of privacy in system development [5].
On the other hand, the goals oriented privacy analysis has been detailed, which assures that data protection principles are based on law and they are used for operationalizing the system requirements [8]. There are also numerous elements for goal oriented methodology, of which first one is requirements sources, in which needs and demands of the stakeholders are assessed. The requirement set is provided which must be heuristics, stakeholder’s neutral, structured, prioritized and predefined [9]. Moreover, the second element is operationalization process, which allows to transform privacy principles into operationalized requirements for system development. The final aspect addressed in the paper is about designing of privacy compliance architectures, which could either be based on risk based approach or goal requirement approach [1]. The architecture development addressed the development of software, hardware and system properties of both for formulating an effectively engineered system [10]. In this regard, the PRIPARE’s methodology followed three approached, including top down, bottom up and horizontal approaches.
Another important findings of this research are based on the notion that it has provided evidence of common privacy by design practices, which provides code of conduct for standardized system development [3]. For instance, the guidelines of International Organization for Standardization (ISO) are mentioned. The core of this study was associated with the fact that it has provided a well-constructed summary of PRIPARE’s methodology and has provided that how dual methodological approach can be adopted from system development [1]. The system development engineers can consider this study as important for recognizing the way through which objective goals oriented and subjective risk based approaches can be combined for addressing the data protection and privacy issues in system engineering [5]. Moreover, the study has also aided to understand that PRIPARE’s methodology is the core model through which system can be developed by maintaining increased data privacy [3]. The research paper has relevance with the course, as scholars of software engineering methodology are striving to find approaches through which privacy by design processes can be used in effective way for system development purposes. Therefore, this research has added in knowledge about system engineering methodology in terms of privacy by design and relevant approaches of system development.
Still Need Help with your
Assignment?
WhatsApp
Get Assignment Help