%PDF-1.4 % 1 0 obj << /S /GoTo /D (section*.2) >> endobj 4 0 obj (Abstract) endobj 5 0 obj << /S /GoTo /D (section*.4) >> endobj 8 0 obj (Sammendrag) endobj 9 0 obj << /S /GoTo /D (section*.6) >> endobj 12 0 obj (Acknowledgments) endobj 13 0 obj << /S /GoTo /D (section*.8) >> endobj 16 0 obj (Contents) endobj 17 0 obj << /S /GoTo /D (section*.10) >> endobj 20 0 obj (List of Figures) endobj 21 0 obj << /S /GoTo /D (section*.12) >> endobj 24 0 obj (List of Tables) endobj 25 0 obj << /S /GoTo /D (section*.13) >> endobj 28 0 obj (Introduction) endobj 29 0 obj << /S /GoTo /D (section.1.1) >> endobj 32 0 obj (Topics covered by the thesis) endobj 33 0 obj << /S /GoTo /D (section.1.2) >> endobj 36 0 obj (Keywords) endobj 37 0 obj << /S /GoTo /D (section.1.3) >> endobj 40 0 obj (Problem description) endobj 41 0 obj << /S /GoTo /D (section.1.4) >> endobj 44 0 obj (Justification, motivation and benefits) endobj 45 0 obj << /S /GoTo /D (section.1.5) >> endobj 48 0 obj (Research Questions) endobj 49 0 obj << /S /GoTo /D (section.1.6) >> endobj 52 0 obj (Scope of the thesis) endobj 53 0 obj << /S /GoTo /D (section.1.7) >> endobj 56 0 obj (Thesis outline) endobj 57 0 obj << /S /GoTo /D (section.1.8) >> endobj 60 0 obj (Summary of contributions) endobj 61 0 obj << /S /GoTo /D (section*.15) >> endobj 64 0 obj (Related Work) endobj 65 0 obj << /S /GoTo /D (section.2.1) >> endobj 68 0 obj (Privacy and Privacy Risks) endobj 69 0 obj << /S /GoTo /D (section.2.2) >> endobj 72 0 obj (Identity and Identity Management) endobj 73 0 obj << /S /GoTo /D (section.2.3) >> endobj 76 0 obj (Risk Management) endobj 77 0 obj << /S /GoTo /D (section.2.4) >> endobj 80 0 obj (Risk Analysis) endobj 81 0 obj << /S /GoTo /D (subsection.2.4.1) >> endobj 84 0 obj (Threat Identification - Stakeholder Analysis) endobj 85 0 obj << /S /GoTo /D (subsection.2.4.2) >> endobj 88 0 obj (Threat Identification - Threat Modeling) endobj 89 0 obj << /S /GoTo /D (subsection.2.4.3) >> endobj 92 0 obj (Risk Estimation) endobj 93 0 obj << /S /GoTo /D (section*.23) >> endobj 96 0 obj (Choice of Scientific Method) endobj 97 0 obj << /S /GoTo /D (section.3.1) >> endobj 100 0 obj (Research question 1) endobj 101 0 obj << /S /GoTo /D (section.3.2) >> endobj 104 0 obj (Research question 2) endobj 105 0 obj << /S /GoTo /D (section.3.3) >> endobj 108 0 obj (Research question 3) endobj 109 0 obj << /S /GoTo /D (section.3.4) >> endobj 112 0 obj (Research question 4) endobj 113 0 obj << /S /GoTo /D (section.3.5) >> endobj 116 0 obj (Metrics for comparison of Risk assessment approaches) endobj 117 0 obj << /S /GoTo /D (section.3.6) >> endobj 120 0 obj (Conclusion) endobj 121 0 obj << /S /GoTo /D (section*.26) >> endobj 124 0 obj (Context Establishment and Risk Analysis Methodologies) endobj 125 0 obj << /S /GoTo /D (section.4.1) >> endobj 128 0 obj (Choice of IdMS for Comparative Case Study) endobj 129 0 obj << /S /GoTo /D (section.4.2) >> endobj 132 0 obj (Case study 1 - Privacy Impact Assessment) endobj 133 0 obj << /S /GoTo /D (subsection.4.2.1) >> endobj 136 0 obj (Justification for using PIA on MinID) endobj 137 0 obj << /S /GoTo /D (subsection.4.2.2) >> endobj 140 0 obj (Stakeholder Analysis in PIA) endobj 141 0 obj << /S /GoTo /D (subsection.4.2.3) >> endobj 144 0 obj (Choice of Risk Analysis tool for PIA) endobj 145 0 obj << /S /GoTo /D (section.4.3) >> endobj 148 0 obj (Case Study 2 - Risk IT) endobj 149 0 obj << /S /GoTo /D (subsection.4.3.1) >> endobj 152 0 obj (Threat Modeling) endobj 153 0 obj << /S /GoTo /D (section.4.4) >> endobj 156 0 obj (Privacy Risk Impact for Case Studies) endobj 157 0 obj << /S /GoTo /D (section.4.5) >> endobj 160 0 obj (Summary of Conclusions) endobj 161 0 obj << /S /GoTo /D (section*.33) >> endobj 164 0 obj (Privacy Risks for Risk Analysis) endobj 165 0 obj << /S /GoTo /D (section.5.1) >> endobj 168 0 obj (Privacy Risks for IdMS) endobj 169 0 obj << /S /GoTo /D (section.5.2) >> endobj 172 0 obj (Determining Privacy Risk Impact) endobj 173 0 obj << /S /GoTo /D (section.5.3) >> endobj 176 0 obj (Summary of results) endobj 177 0 obj << /S /GoTo /D (section*.36) >> endobj 180 0 obj (Stakeholder Analysis as Privacy Threat Identification) endobj 181 0 obj << /S /GoTo /D (section.6.1) >> endobj 184 0 obj (Expanded Stakeholder Analysis) endobj 185 0 obj << /S /GoTo /D (subsection.6.1.1) >> endobj 188 0 obj (Capabilities) endobj 189 0 obj << /S /GoTo /D (subsection.6.1.2) >> endobj 192 0 obj (Incentives) endobj 193 0 obj << /S /GoTo /D (subsection.6.1.3) >> endobj 196 0 obj (Attitude and Knowledge) endobj 197 0 obj << /S /GoTo /D (subsection.6.1.4) >> endobj 200 0 obj (Assets) endobj 201 0 obj << /S /GoTo /D (subsection.6.1.5) >> endobj 204 0 obj (Relationship with other Stakeholders) endobj 205 0 obj << /S /GoTo /D (subsection.6.1.6) >> endobj 208 0 obj (Consequences of capabilities on assets and affected Stakeholders) endobj 209 0 obj << /S /GoTo /D (section.6.2) >> endobj 212 0 obj (Using Stakeholder Attributes to help determine likelihood) endobj 213 0 obj << /S /GoTo /D (section.6.3) >> endobj 216 0 obj (Summary) endobj 217 0 obj << /S /GoTo /D (section*.42) >> endobj 220 0 obj (Scenario Description) endobj 221 0 obj << /S /GoTo /D (section.7.1) >> endobj 224 0 obj (Scenario background) endobj 225 0 obj << /S /GoTo /D (subsection.7.1.1) >> endobj 228 0 obj (Difi Objectives) endobj 229 0 obj << /S /GoTo /D (subsection.7.1.2) >> endobj 232 0 obj (MinID purpose and functionalities) endobj 233 0 obj << /S /GoTo /D (section.7.2) >> endobj 236 0 obj (The MinID IdMS) endobj 237 0 obj << /S /GoTo /D (section.7.3) >> endobj 240 0 obj (Stakeholders, MinID) endobj 241 0 obj << /S /GoTo /D (section.7.4) >> endobj 244 0 obj (Summary of the Scenario description) endobj 245 0 obj << /S /GoTo /D (section*.47) >> endobj 248 0 obj (Case study 1 - Privacy Impact Assessment) endobj 249 0 obj << /S /GoTo /D (section.8.1) >> endobj 252 0 obj (Using the PIA framework) endobj 253 0 obj << /S /GoTo /D (subsection.8.1.1) >> endobj 256 0 obj (Initial Assessment) endobj 257 0 obj << /S /GoTo /D (subsection.8.1.2) >> endobj 260 0 obj (Preliminary Phase) endobj 261 0 obj << /S /GoTo /D (subsection.8.1.3) >> endobj 264 0 obj (Preparation Phase) endobj 265 0 obj << /S /GoTo /D (subsection.8.1.4) >> endobj 268 0 obj (Consultation and Analysis) endobj 269 0 obj << /S /GoTo /D (subsection.8.1.5) >> endobj 272 0 obj (Documentation Phase) endobj 273 0 obj << /S /GoTo /D (section.8.2) >> endobj 276 0 obj (Privacy Impact Assessment Results) endobj 277 0 obj << /S /GoTo /D (subsection.8.2.1) >> endobj 280 0 obj (Stakeholder Analysis Results) endobj 281 0 obj << /S /GoTo /D (subsection.8.2.2) >> endobj 284 0 obj (Threat scenarios from Stakeholder Analysis and Initial Assessment) endobj 285 0 obj << /S /GoTo /D (subsection.8.2.3) >> endobj 288 0 obj (MEHARI Privacy Risk Analysis Results) endobj 289 0 obj << /S /GoTo /D (subsection.8.2.4) >> endobj 292 0 obj (Use of time) endobj 293 0 obj << /S /GoTo /D (section.8.3) >> endobj 296 0 obj (Summary of findings using the PIA framework) endobj 297 0 obj << /S /GoTo /D (section.8.4) >> endobj 300 0 obj (Summary of Results using the PIA framework) endobj 301 0 obj << /S /GoTo /D (section*.59) >> endobj 304 0 obj (Case study 2 - Risk IT) endobj 305 0 obj << /S /GoTo /D (section.9.1) >> endobj 308 0 obj (Using the Risk IT) endobj 309 0 obj << /S /GoTo /D (subsection.9.1.1) >> endobj 312 0 obj (Defining the Risk Universe) endobj 313 0 obj << /S /GoTo /D (subsection.9.1.2) >> endobj 316 0 obj (Risk Scenario Identification) endobj 317 0 obj << /S /GoTo /D (subsection.9.1.3) >> endobj 320 0 obj (Risk Analysis) endobj 321 0 obj << /S /GoTo /D (section.9.2) >> endobj 324 0 obj (Risk IT Results) endobj 325 0 obj << /S /GoTo /D (subsection.9.2.1) >> endobj 328 0 obj (Identified threat scenarios) endobj 329 0 obj << /S /GoTo /D (subsection.9.2.2) >> endobj 332 0 obj (Risk Analysis Results) endobj 333 0 obj << /S /GoTo /D (subsection.9.2.3) >> endobj 336 0 obj (Use of time) endobj 337 0 obj << /S /GoTo /D (section.9.3) >> endobj 340 0 obj (Summary of Findings using the Risk IT framework) endobj 341 0 obj << /S /GoTo /D (section.9.4) >> endobj 344 0 obj (Summary of Results using the Risk IT framework) endobj 345 0 obj << /S /GoTo /D (section*.69) >> endobj 348 0 obj (Comparison of Results and Findings from the Case-Studies) endobj 349 0 obj << /S /GoTo /D (section.10.1) >> endobj 352 0 obj (PIA findings) endobj 353 0 obj << /S /GoTo /D (section.10.2) >> endobj 356 0 obj (Risk IT findings and comparison) endobj 357 0 obj << /S /GoTo /D (section.10.3) >> endobj 360 0 obj (Comparison of results) endobj 361 0 obj << /S /GoTo /D (subsection.10.3.1) >> endobj 364 0 obj (Cost-benefit analysis of Time Use) endobj 365 0 obj << /S /GoTo /D (subsection.10.3.2) >> endobj 368 0 obj (Comparison Risk Analysis Results) endobj 369 0 obj << /S /GoTo /D (section.10.4) >> endobj 372 0 obj (Did PIA live up to expectations?) endobj 373 0 obj << /S /GoTo /D (section.10.5) >> endobj 376 0 obj (Summary, Comparison of key findings) endobj 377 0 obj << /S /GoTo /D (section.10.6) >> endobj 380 0 obj (Summary, Comparison of results) endobj 381 0 obj << /S /GoTo /D (section*.78) >> endobj 384 0 obj (Discussion) endobj 385 0 obj << /S /GoTo /D (section.11.1) >> endobj 388 0 obj (Research Question 1) endobj 389 0 obj << /S /GoTo /D (section.11.2) >> endobj 392 0 obj (Research Question 2) endobj 393 0 obj << /S /GoTo /D (section.11.3) >> endobj 396 0 obj (Research Question 3) endobj 397 0 obj << /S /GoTo /D (section.11.4) >> endobj 400 0 obj (Research Question 4) endobj 401 0 obj << /S /GoTo /D (section*.79) >> endobj 404 0 obj (Future work) endobj 405 0 obj << /S /GoTo /D (section*.80) >> endobj 408 0 obj (Conclusion) endobj 409 0 obj << /S /GoTo /D (section*.82) >> endobj 412 0 obj (Bibliography) endobj 413 0 obj << /S /GoTo /D (section*.83) >> endobj 416 0 obj (Appendix - Privacy Impact Assessment Report) endobj 417 0 obj << /S /GoTo /D (section*.84) >> endobj 420 0 obj (Appendix - Risk IT report) endobj 421 0 obj << /S /GoTo /D (section*.85) >> endobj 424 0 obj (Appendix - Complete Scenario Description) endobj 425 0 obj << /S /GoTo /D (section.C.1) >> endobj 428 0 obj (Scenario background) endobj 429 0 obj << /S /GoTo /D (subsection.C.1.1) >> endobj 432 0 obj (Difi Objectives) endobj 433 0 obj << /S /GoTo /D (subsection.C.1.2) >> endobj 436 0 obj (MinID purpose and functionalities) endobj 437 0 obj << /S /GoTo /D (subsection.C.1.3) >> endobj 440 0 obj (MinID, expectation and regulations by the Norwegian Government) endobj 441 0 obj << /S /GoTo /D (subsection.C.1.4) >> endobj 444 0 obj (Laws and regulations) endobj 445 0 obj << /S /GoTo /D (subsection.C.1.5) >> endobj 448 0 obj (MinID privacy policies) endobj 449 0 obj << /S /GoTo /D (section.C.2) >> endobj 452 0 obj (The MinID IdMS) endobj 453 0 obj << /S /GoTo /D (subsection.C.2.1) >> endobj 456 0 obj (Technology and solutions) endobj 457 0 obj << /S /GoTo /D (section.C.3) >> endobj 460 0 obj (Stakeholders, MinID) endobj 461 0 obj << /S /GoTo /D (subsection.C.3.1) >> endobj 464 0 obj (Class 1 - 1.Internal actors\(Difi\)) endobj 465 0 obj << /S /GoTo /D (subsection.C.3.2) >> endobj 468 0 obj (Class 1 - 2. Government) endobj 469 0 obj << /S /GoTo /D (subsection.C.3.3) >> endobj 472 0 obj (Class 1 - 3. External users) endobj 473 0 obj << /S /GoTo /D (subsection.C.3.4) >> endobj 476 0 obj (Class 1 - 4. Service Providers) endobj 477 0 obj << /S /GoTo /D (subsection.C.3.5) >> endobj 480 0 obj (Class 5 - 1. External threats) endobj 481 0 obj << /S /GoTo /D (section.C.4) >> endobj 484 0 obj (Summary of the Scenario description) endobj 485 0 obj << /S /GoTo /D (section*.115) >> endobj 488 0 obj (Appendix - Stakeholder Analysis) endobj 489 0 obj << /S /GoTo /D (section*.116) >> endobj 492 0 obj (Appendix - Questionnaire) endobj 493 0 obj << /S /GoTo /D (section*.117) >> endobj 496 0 obj (Appendix - Difi Correspondance) endobj 497 0 obj << /S /GoTo /D (section*.118) >> endobj 500 0 obj (Appendix - Hour list) endobj 501 0 obj << /S /GoTo /D [502 0 R /Fit ] >> endobj 505 0 obj << /Length 396 /Filter /FlateDecode >> stream xڅRMO@+fv?Yæ&&j1@t1<{ ?q{;ƀD(A19#H qog~}*QR%c[{&>$qd6Yetw@0CIPA; C9pD(3272wʒO 2-U$.b9L`F!!-o#&L2?dUޓHUcj@^ Q Ts㬌7wqɉKEֹT*unY^IkwVv