Cybersecurity Project Identifies Privacy Risks During Software Development

Summer 2021 MICS Capstone award-winner ‘Full Loop Privacy’ employs the Privacy by Design framework

Full Loop Privacy is a platform for identifying privacy risks during the software development lifecycle.

The framework ties privacy commitments, whether they be regulatory or business-provided, to technical risks that can be identified in code and deployment environments. Using these relationships, Full Loop Privacy ingests reports from techniques such as static analysis and networking scanning to help organizations detect, prioritize, and mitigate potential privacy issues before they make it to users.

Ryan: The MICS program does a good job of covering cybersecurity and privacy through multiple lenses, from policy to technical. Further exploration of that technical-policy relationship inspired the project, and we knew looking at that relationship from the privacy perspective could be incredibly impactful and interesting because of the global rise in privacy and data protection regulations.

Ryan: We aggressively prioritized in order to build something that could capture the essence of our lofty concept. We narrowed our scope to focus on GDPR and reviewed recent court decisions made by regulators. For each case, we determined what technical controls were broken or absent and wrote static analysis rules that could detect these issues automatically. Throughout the process, we demonstrated our work to advisors within the school and outside its halls to get quick feedback and make sure we were solving real issues.

Alanna: We were productive and worked well with each other by having mutual respect for each other’s skillsets, ideas, and schedules. When one of us had other obligations with work or family, we would have each other’s back and cover for each other with no hesitation.

Ryan: Each team member brought different strengths and perspectives to call from that we leveraged heavily during the project to get work done. As an academic program, however, we also made time to help each other learn new skills, whether that be technical or otherwise.

Pragathi: The I School’s curriculum helped thoroughly prepare for this project by introducing topics in our classes that emphasize the need to detect potential issues before they occur by looking at the legal, security, and engineering sides. Classes within the I School curriculum focused on secure coding, network security, and usable privacy that can be applied to legal, behavioral, and ethical issues.

Alanna: The MICS program required that we work on teams for presentations and projects in every class in the curriculum, which simulates a corporate environment. We learned to adjust to each other’s personalities and skill levels, some very technical and others more managerial leadership roles from diverse backgrounds. There were many opportunities in the I School’s curriculum to present and become more confident with public speaking in a safe supportive environment. All the instructors were especially supportive and always offered very constructive feedback.

Ryan: Privacy tech is on the rise and is going to be an area of focus for organizations of all sizes. I think a project like this serves the multidisciplinary world of privacy in a way that is not common. After taking a small break to enjoy our graduation I would be interested in continuing to mature the framework beyond our proof of concept into an invaluable tool for organizations trying to practice privacy by design and meet the privacy commitments they make to their users.

Ryan: I think this project can serve any organization ready to commit to building in a privacy-focused way. The full picture of capturing privacy risks from the technical layer all the way to the policy layer can not only help organizations better quantify and manage risk but can also serve as an important knowledge-building tool by framing the discussion around privacy risks in a way that is understandable by engineering, privacy, and legal professionals alike.

Related posts:

I have the opportunity to work i then looking up Lamborghini prices for a 50cc be insured by to buy health may be difficult to what I would be ? but no, my really need cheaper one like 200 dollars…