Quiz Entry - updated: 2026.06.07
What are the steps of a re-identification risk-assessment methodology?
Identify assets → analyze threats → calculate risk → implement controls → monitor & review — a continuous cycle.
A structured, repeating risk-assessment loop:
- Identify assets — catalog the sensitive attributes and quasi-identifiers you hold.
- Analyze threats — model attacker capabilities and motivations (the attacker model).
- Calculate risk — quantify the likelihood and impact of re-identification.
- Implement controls — deploy appropriate anonymization and access restrictions.
- Monitor & review — continuously assess effectiveness and adapt to new threats.
It's a cycle, not a one-shot: because external data and attack techniques keep evolving, the loop must run continuously.
Tip: Notice step 2 (threat model) comes before step 4 (controls) — you can't choose k, l, or ε without first deciding who you're defending against.