Privacy Control for Personally Identifiable Information on the Information System (Case Study:XYZ Organization)

2018 International Conference on Applied Information Technology and Innovation (ICAITI) Pub Date : 2018-09-01 DOI:10.1109/ICAITI.2018.8686766

Fajar Pradana, Nanang Trianto

{"title":"Privacy Control for Personally Identifiable Information on the Information System (Case Study:XYZ Organization)","authors":"Fajar Pradana, Nanang Trianto","doi":"10.1109/ICAITI.2018.8686766","DOIUrl":null,"url":null,"abstract":"Based on Indonesian regulations, organizations that manage personal data must implement internal policies in protecting and securing personal data. In providing personal data protection can be done by identifying the impact level of information to be mapped to Security and Privacy Control of NIST SP800-53. XYZ Organization is one of the organizations that manage personal data in Indonesia. The result of impact level identification indicates that the confidentiality aspect has a high impact, the integrity aspect has a moderate impact, and the availability aspect has a high impact. So as a whole, the system implemented by the XYZ Organization has a high category. Based on the Security and Privacy Control mapping of the Draft NIST SP800-53 revision 5, 57 controls are related to privacy. Privacy Control results can be made a recommendation in the process of formulating a policy of personal data protection on XYZ Organization. The result of Privacy Control is still baseline. In the future, it can be done in detail for the overall Privacy Control so it is more comprehensive.","PeriodicalId":233598,"journal":{"name":"2018 International Conference on Applied Information Technology and Innovation (ICAITI)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Applied Information Technology and Innovation (ICAITI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAITI.2018.8686766","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Based on Indonesian regulations, organizations that manage personal data must implement internal policies in protecting and securing personal data. In providing personal data protection can be done by identifying the impact level of information to be mapped to Security and Privacy Control of NIST SP800-53. XYZ Organization is one of the organizations that manage personal data in Indonesia. The result of impact level identification indicates that the confidentiality aspect has a high impact, the integrity aspect has a moderate impact, and the availability aspect has a high impact. So as a whole, the system implemented by the XYZ Organization has a high category. Based on the Security and Privacy Control mapping of the Draft NIST SP800-53 revision 5, 57 controls are related to privacy. Privacy Control results can be made a recommendation in the process of formulating a policy of personal data protection on XYZ Organization. The result of Privacy Control is still baseline. In the future, it can be done in detail for the overall Privacy Control so it is more comprehensive.

查看原文本刊更多论文

信息系统中个人身份信息的隐私控制(案例研究:XYZ组织)

根据印尼法规，管理个人数据的组织必须实施保护和保护个人数据的内部政策。在提供个人数据保护时，可以通过识别要映射到NIST SP800-53的安全与隐私控制的信息的影响级别来完成。XYZ组织是印度尼西亚管理个人数据的组织之一。影响等级识别结果表明，机密性方面影响较大，完整性方面影响中等，可用性方面影响较大。因此，作为一个整体，XYZ组织实现的系统具有很高的分类。根据NIST Draft SP800-53 revision 5的安全和隐私控制映射，57个控制与隐私相关。隐私控制结果可在制定XYZ组织个人资料保护政策的过程中提出建议。隐私控制的结果仍然是基线。在未来，可以对整体的隐私控制进行细节化，使其更加全面。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 International Conference on Applied Information Technology and Innovation (ICAITI)

自引率

0.00%

发文量