Privacy Principles for Sharing Cyber Security Data
Title | Privacy Principles for Sharing Cyber Security Data |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., Papadopoulos, C. |
Conference Name | 2015 IEEE Security and Privacy Workshops |
ISBN Number | 978-1-4799-9933-0 |
Keywords | business data processing, computer security, cyber security, cyber security data sharing, data confinement, data exposure, data privacy, data sharing, Distributed databases, distributed security system, engineering approaches, forward progress, internal information, Law, least disclosure, minimal requisite fidelity, moderated queries, network traffic, organisational aspects, organizational boundaries, organizational risk, Organizations, personal information exposure, poker queries, privacy, privacy balancing, privacy preservation, privacy principles, privacy risks, pubcrawl170106, qualitative evaluation, queries, query processing, risk management, security information, security of data, trust requirements, Trusted Computing |
Abstract | Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information. |
URL | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163225&isnumber=7163193 |
DOI | 10.1109/SPW.2015.23 |
Citation Key | fisk_privacy_2015 |