مرکز منطقه ای اطلاع رساني علوم و فناوري - Privacy Principles for Sharing Cyber Security Data

DocumentCode :

3233997

Title :

Privacy Principles for Sharing Cyber Security Data

Author :

Fisk, Gina ; Ardi, Calvin ; Pickett, Neale ; Heidemann, John ; Fisk, Mike ; Papadopoulos, Christos

Author_Institution :

Los Alamos Nat. Lab., Los Alamos, NM, USA

fYear :

2015

fDate :

21-22 May 2015

Firstpage :

193

Lastpage :

197

Abstract :

Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information.

Keywords :

business data processing; data privacy; organisational aspects; query processing; risk management; security of data; trusted computing; cyber security data sharing; data exposure; distributed security system; engineering approaches; forward progress; internal information; least disclosure; network traffic; organizational boundaries; organizational risk; personal information exposure; privacy balancing; privacy preservation; privacy principles; privacy risks; qualitative evaluation; queries; security information; trust requirements; Computer security; Data privacy; Distributed databases; Law; Organizations; Privacy; cyber security; data confinement; data sharing; forward progress; least disclosure; minimal requisite fidelity; moderated queries; poker queries; privacy principles; qualitative evaluation;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Security and Privacy Workshops (SPW), 2015 IEEE

Conference_Location :

San Jose, CA

Type :

conf

DOI :

10.1109/SPW.2015.23

Filename :

7163225

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3233997