RISK MODEL OF APPLICATION OF LIFTING METHODS
Annotatsiya
The article discusses the main provisions (methods, risk models, calculation algorithms, etc.) of theissue of organizing the protection of personal data (PD), based on the application of anonymizationprocedure. The authors reveal the relevance of the studied problem based on the tendency of thegeneral growth of informatization and the further development of the Big Data technology. Thiscircumstance leads to the need to use the so-called risk approach based on calculating the risk of PD asa probabilistic assessment of the amount of possible damage that the owner of the data resource mayincur as a result of a successfully carried out information attack. For this purpose, the article describesan algorithm for calculating the risk of PD and proposes a risk model of the depersonalizationprocedure, which considers confidentiality problems arising both as a result of unauthorized accessand as a consequence of planned data processing. To describe the risk model of the anonymizationprocedure, the types of attacks on the confidentiality of personal data, anonymization metrics andequivalence classes are analyzed, as well as the attacker's profiles and data distribution scenarios.Thus, the choice of a risk model for the depersonalization procedure was justified, and calculations forthe generated synthetic set of PDs were presented. As a conclusion, it should be noted that the modelof anonymization risk assessment proposed and tested on synthetic data makes it possible to abandonthe concept of guaranteed anonymized data, introducing certain boundaries for working with risks andbuilding a continuous process for assessing PD threats, taking into account the constantly growingvolume of stored and processed information.