Privacy Risk Assessment in Context: A Meta-Model based on Contextual Integrity

Publishing data in open format is a growing trend, particularly for public bodies who have a legal obligation to make data available as open data. We look at the privacy implications of publishing open data and, in particular, how organisations can make informed decisions around privacy risks in relation to open data publishing before publication occurs. Using a well established theoretical privacy assessment framework, Contextual Integrity, we illustrate how this can be translated into a practical metamodel that can assist public bodies in assessing what privacy implications or risks might be associated with making a particular dataset available as open data. We validate the metamodel by providing a worked example and illustrate the effectiveness of this by reference to a case study application where the metamodel was successfully applied in practice

Context−Sensitive Requirements and Risk Management with IRIS

Many systems are not designed for their contexts of operation. Subtle changes to context may lead to an increase in severity and likelihood of vulnerabilities and threats. The IRIS framework integrates the notion of context into requirements and risk management, by means of an integrated meta-model, design method, and software prototype. By applying this framework, requirements and risk analysis can be better situated for system contexts of operation