A Model-Based Approach for Privacy Risk Mitigation Integrating Systems Engineering with System-Theoretic Process Analysis

IF 1, Zone 4, Engineering & Technology, Q4, INSTRUMENTS & INSTRUMENTATION
Insight Pub Date : 2025-07-07 DOI:10.1002/inst.12542
David Hetherington
Insight, vol. 28, no. 3, pp. 35-43, Journal Article, published 2025-07-07. Publisher page: https://onlinelibrary.wiley.com/doi/10.1002/inst.12542
Citations: 0

Abstract

A Model-Based Approach for Privacy Risk Mitigation Integrating Systems Engineering with System-Theoretic Process Analysis

Certain commercial operations, their systems, and their employees need to operate in hostile or semi-hostile environments. The physical environment may be challenging, but often an unstable political/social environment may be a greater challenge than any temperature or weather extremes. Such an unstable political environment may present rapidly changing threats to employee security. Even if local citizens in the immediate area are supportive, transnational violent gangs may be operating nearby. How do we design overall technology and human systems that can resiliently persevere in such an unstable environment?

Some organizations will reflexively implement a walled-off, fenced, and protected environment for their employees. While this sort of physical protection will be helpful to some extent, if human relationships with the local community are poor or nonexistent, the overall security of the installation will be fragile. Some organizations will deliberately move in the opposite direction, proactively sending their employees out into the community to interact, talk to local citizens, and build human relationships – even when doing so represents a significant degree of physical and personal risk for those employees.

How do we support employees that we are deliberately thrusting into such a risky and unstable environment? For their own safety, we want those employees to communicate as much as possible with the local citizens. We want them to be aware of “chatter” in local social media. On the other hand, we want to help them keep their actual personal identity details as protected as possible. Failed social interactions can have lethal consequences. Inadvertently leaked personal data about family members could result in those family members being subject to threats and intimidation in their home location.

In this article, we examine the design of a digital personal communications device intended to achieve these goals and demonstrate the use of System-Theoretic Process Analysis (STPA) in the analysis of a proposed design. Along the way, we will also demonstrate a model-based approach to the design work that follows the recently released standard SAE J3307 “System Theoretic Process Analysis (STPA) Standard for All Industries” (J3307_202503, 2025), which specifies an auditable workflow for the STPA methodology originally described in the STPA Handbook.
