• DocumentCode
    3233997
  • Title

    Privacy Principles for Sharing Cyber Security Data

  • Author

    Fisk, Gina ; Ardi, Calvin ; Pickett, Neale ; Heidemann, John ; Fisk, Mike ; Papadopoulos, Christos

  • Author_Institution
    Los Alamos Nat. Lab., Los Alamos, NM, USA
  • fYear
    2015
  • fDate
    21-22 May 2015
  • Firstpage
    193
  • Lastpage
    197
  • Abstract
    Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information.
  • Keywords
    business data processing; data privacy; organisational aspects; query processing; risk management; security of data; trusted computing; cyber security data sharing; data exposure; distributed security system; engineering approaches; forward progress; internal information; least disclosure; network traffic; organizational boundaries; organizational risk; personal information exposure; privacy balancing; privacy preservation; privacy principles; privacy risks; qualitative evaluation; queries; security information; trust requirements; Computer security; Data privacy; Distributed databases; Law; Organizations; Privacy; cyber security; data confinement; data sharing; forward progress; least disclosure; minimal requisite fidelity; moderated queries; poker queries; privacy principles; qualitative evaluation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy Workshops (SPW), 2015 IEEE
  • Conference_Location
    San Jose, CA
  • Type

    conf

  • DOI
    10.1109/SPW.2015.23
  • Filename
    7163225
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3233997