I’m doing research while working on the 2nd edition of my book, “Managing an Information Security and Privacy Awareness and Training Program“…
In one section I provide 60 different topics for which training should be provided for targeted groups. One of these topics is about privacy enhancing technologies (PETs) and privacy threatening technologies. Business leaders and IT folks implementing the technologies must understand the privacy impacts to the organization of using such technologies.
Here are the lists I have for each; I am not going to provide specific vendor products, but categories of technologies:
- PETs (Privacy Enhancing Technologies)
§ Encryption
§ Steganography
§ P3P (Platform for Privacy Preferences Project)
§ Access control systems
§ Privacy seals for Web sites
§ Blind signatures
§ Digital signatures
§ Biometrics
§ Firewalls
§ Spam filters
§ Cookie cutters and bug zappers
§ HTML filters
§ Pseudonymous and anonymous systems, such as communication anonymizers
§ Trusted sender stamps
§ EPAL (enterprise privacy authorization language)
- Privacy threatening technologies (generally weren’t created to invade privacy, but can be used to do so)
§ Cookies
§ Log files
§ Web bugs/web gifs/web beacons/clear gifs
§ Filtering and monitoring
§ Spyware
§ Spam and phishing
§ “Always online” Web-phones with audio and video capabilities
§ Grid networks and cloud computing
§ Blogs and micro-blogs (such as Twitter)
§ Instant messaging
§ Peer to peer
§ Active content and client-based scripting
§ Photo-enabled smart phones
§ Surveillance technologies
§ Trojans
Am I missing any technology in either of these lists? Let me know!
Tags: awareness and training, Information Security, IT compliance, IT training, PETs, policies and procedures, privacy enhancing technologies, privacy training, risk management, security training