AppSec USA 2017 has ended
Friday, September 22 • 3:30pm - 4:15pm
An Agile Framework for Building GDPR Privacy and Data Protection Requirements into SDLC



The consequences of not complying with the requirements of the General Data Protection Regulation (GDPR) are immense for all international data processors. The fines and penalties, even for small companies, can be as high as 20 million EUR, and GDPR requires data protection by design and by default. Most IT companies do not have the in-house expertise to identify the features required for full compliance. This work provides a vendor- and technology-agnostic toolkit for building GDPR-compliant software with minimum cost and effort. The toolkit is based on a tag-based approach for identifying required features and tasks. After reviewing various privacy regulations, including GDPR, and coding their content, we arrived at a set of tags that fully capture the principles and notions of privacy requirements relevant to software development, deployment and operation. The tags are organized in 14 classes and include sub-tags and variants. Any list of privacy and security controls can be evaluated against these tags to ascertain whether they adequately enable the desired level of privacy. As a case study, we will develop the first publicly available agile scrum template, using the proposed tagging system, for the development of an IoT system that transmits private information across international borders. The tagging system and the approach can easily be customized for any other agile methodology or framework. The talk will expand on some recent stories and case studies of how missing the tags can create non-compliance and, as a result, huge liability.


Farbod H Foomany

Senior Security Researcher (Tech. Lead), Security Compass
Farbod H Foomany is a senior application security researcher (technical lead) at Security Compass. He has a bachelor's degree in electrical engineering (control systems), a master's degree in artificial intelligence and robotics, and has completed a PhD with main research on security aspects...

Mina Miri

Application Security Researcher, Security Compass
Mina has several years of experience in the IT field and is particularly attuned to the needs of enterprise-level software, which demands dependability and well-developed security characteristics. She has a master's degree in IT Security and a bachelor's degree in engineering in IT Business. In...

Friday September 22, 2017 3:30pm - 4:15pm EDT
Fiesta 6