
Risk Assessment Tools



FAIR Privacy

GitHub POC: @privacymaverick
Affiliation/Organization(s) Contributing: Enterprivacy Consulting Group 

FAIR Privacy is a quantitative privacy risk framework based on FAIR (Factors Analysis in Information Risk). FAIR Privacy examines personal privacy risks (to individuals), not organizational risks. Included in this tool is a PowerPoint deck illustrating the components of FAIR Privacy and an example based on the US Census. In addition, an Excel spreadsheet provides a powerful risk calculator using Monte Carlo simulation.

Notes: Some additional resources are provided in the PowerPoint deck.

Feedback and suggestions for improvement on both the framework and the included calculator are welcome. Additionally, analysis of the spreadsheet by a statistician is most welcome.



NIST Privacy Risk Assessment Methodology (PRAM)

GitHub POC: @kboeckl
Affiliation/Organization(s) Contributing: NIST

The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.

Worksheet 1: Framing Business Objectives and Organizational Privacy Governance
Worksheet 2: Assessing System Design; Supporting Data Map
Worksheet 3: Prioritizing Risk
Worksheet 4: Selecting Controls
Catalog of Problematic Data Actions and Problems

Notes: NIST welcomes organizations to use the PRAM and share feedback to improve the PRAM.



Interested in contributing? 

Contribute your privacy risk assessment tool.


Created October 28, 2018, Updated September 19, 2019