Date of Award
Spring 5-4-2022
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Cyber Defense (PhDCD)
Department
Computer Science
First Advisor
Kevin Streff
Second Advisor
Omar El-Gayar
Third Advisor
Shengjie Xu
Fourth Advisor
Mary Francis
Abstract
Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be adapted by organizations of any shape, size, industry, or geography.
The purpose of this project is to create a unified privacy assessment methodology that will assist organizations with privacy and compliance obligations by simplifying the assessment process with steps that are repeatable and can be adopted by organizations of any shape, size, industry, or geography. The project will address three research questions. What steps are needed to conduct a unified privacy assessment? What inputs and outputs are needed to complete each step in the assessment? What variables are needed as it relates to assessments? The research project was conducted using design science methodology following the engineering lifecycle for a technical action research project. The project created a new privacy assessment methodology model with five steps. The privacy assessment methodology was evaluated with a use case at an organization based in the US with offices globally.
The research project created a new unified privacy assessment methodology as set forth in the beginning of the project. The model was evaluated and validated through realworld business use case of a global healthcare organization and a dozen training sessions presenting this research. This work will not stop with this project, it merely sets the path for additional innovative and industry impacting solutions.
Recommended Citation
McKee, Lisa, "Privacy Assessment Breakthrough: A Design Science Approach to Creating a Unified Methodology" (2022). Masters Theses & Doctoral Dissertations. 382.
https://scholar.dsu.edu/theses/382
Included in
Digital Communications and Networking Commons, Information Security Commons, OS and Networks Commons, Software Engineering Commons, Systems Architecture Commons