Source author record

Stefan Schiffner

Stefan Schiffner appears in the imported research catalog. Authorship, coauthor and topic links are available while profile ownership is still unclaimed.

ResearcherUnclaimed source record

Cryptography and Security cs.CY Social and Information Networks

Catalog footprint

What is connected

2works

3topics

4close collaborators

Actions

Connect this record

Open graph Browse works

Inspect adjacent papers, topics, institutions and collaborators without losing the researcher page.

Building this map preview

BZPEER is loading the nearby papers, people, topics and institutions for this page.

preprint2022arXiv

SMART: a Technology Readiness Methodology in the Frame of the NIS Directive

An ever shorter technology lifecycle engendered the need for assessing new technologies w.r.t. their market readiness. Knowing the Technology readiness level (TRL) of a given target technology proved to be useful to mitigate risks such as cost overrun, product roll out delays, or early launch failures. Originally developed for space programmes by NASA, TRL became a de facto standard among technology and manufacturing companies and even among research funding agencies. However, while TRL assessments provide a systematic evaluation process resulting in meaningful metric, they are one dimensional: they only answer the question if a technology can go into production. Hence they leave an inherent gap, i.e., if a technology fulfils requirements with a certain quality. This gap becomes intolerable when this metric is applied software such as technological cybersecurity measures. With legislation such as the General Data Protection Regulation4 (GDPR) and the Network and Information Systems Directive5 (NIS-D) making reference to state of the art when requiring appropriate protection measures, software designers are faced with the question how to measure if a technology is suitable to use. We argue that there is a potential mismatch of legal aim and technological reality which not only leads to a risk of non-compliance, but also might lead to weaker protected systems than possible. In that regard, we aim to address the gaps identified with existing Technology Readiness Assessment (TRA)s and aim to overcome these by developing standardised method which is suitable for assessing software w.r.t. its market readiness and quality (in sum maturity).

preprint2015arXiv

Privacy and Data Protection by Design - from policy to engineering

Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values -and legal obligations- can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour are technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions, e.g., encryption became widely used, PETs have not become a standard and widely used component in system design. Furthermore, for unfolding their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.