One of the important responsibilities of a DPO is to assure that a DPIA is performed for new processing or systems that include personal data.
A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimize the data protection risks of a project.
In our DPIA & DTIA training you already learn that a DPIA typically includes steps like:
- describe the nature, scope, context and purposes of the processing;
- assess necessity, proportionality and compliance measures;
- identify and assess risks to individuals; and
- identify any additional measures to mitigate those risks.
This not only involves the privacy risks, but also cybersecurity risks for your project or system.
Understanding and managing cybersecurity risks for systems can be a daunting task. Especially if you do not have a lot of experience in the cyber security field.
That is where Threat Modeling as a technique will help you. Threat Modeling is a way to analyze the risk inherent to a system’s design. Originating from application security circles, the technique has been found to be effective in many circumstances for many types of systems. The Threat Modeling process is done in two phases, split up in two workshops: data modeling and threat modeling.
These threat modeling steps will help you create better DPIAs and support the important aspect of building in Privacy by Design.
With DPI we developed a two-month hybrid learning journey for threat modeling practitioners. This hybrid online training gives you the tools you need to become a threat modeling practitioner, teaching you how to threat model and build in security as an integral aspect of your secure development practice. This training is based on Toreon’s international rewarded whiteboard hacking training that was released in 2016. It’s a course that blends self-paced digital work with action-packed, hands-on live labs run by our seasoned threat modeling experts.