Protection of personal data in security alert sharing platforms
作者: Václav Stupka , Martin Horák , Martin Husák
关键词:
摘要: In order to ensure confidentiality, integrity and availability (so called CIA triad) of data within network infrastructure, it is necessary be able detect handle cyber security incidents. For this purpose, vital for Computer Security Incident Response Teams (CSIRT) have enough on relevant events threats. That why CSIRTs share alerts incidents using various sharing platforms. Even though they do so primarily protect privacy users, their use also lead additional processing personal data, which may cause new risks. European protection law, especially with the adoption General regulation, sets out very strict rules one hand leads greater individual's rights, but other creates great obstacles those who need any data. This paper analyses Data Protection Regulation (GDPR), case-law by Article 29 Working Party propose optimal methods level effective alert platforms, would legally compliant appropriate balance between
acm.org
core.ac.uk
sci-hub.se 参考文章(17)
Neil Robinson, Hans Graux, A Flair for Sharing - Encouraging Information Exchange Between CERTs European Network and Information Security Agency (ENISA). ,(2011)
Matthew H. Fleming, Eric Goldstein, Metrics for Measuring the Efficacy of Critical-Infrastructure-Centric Cybersecurity Information Sharing Efforts Social Science Research Network. ,(2012) , 10.2139/SSRN.2201033
Jessica Steinberger, Anna Sperotto, Mario Golling, Harald Baier, How to exchange security events? Overview and evaluation of formats and protocols integrated network management. pp. 261- 269 ,(2015) , 10.1109/INM.2015.7140300
Emmanouil Vasilomanolakis, Shankar Karuppayah, Max Mühlhäuser, Mathias Fischer, Taxonomy and Survey of Collaborative Intrusion Detection ACM Computing Surveys. ,vol. 47, pp. 55- ,(2015) , 10.1145/2716260
Rick Hofstede, Pavel Celeda, Brian Trammell, Idilio Drago, Ramin Sadre, Anna Sperotto, Aiko Pras, Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX IEEE Communications Surveys and Tutorials. ,vol. 16, pp. 2037- 2064 ,(2014) , 10.1109/COMST.2014.2321898
Guozhu Meng, Yang Liu, Jie Zhang, Alexander Pokluda, Raouf Boutaba, Collaborative Security: A Survey and Taxonomy ACM Computing Surveys. ,vol. 48, pp. 1- 42 ,(2015) , 10.1145/2785733
Graham Greenleaf, Global data privacy laws: 89 countries, and accelerating Social Science Research Network. ,(2012)
Oscar Serrano, Luc Dandurand, Sarah Brown, On the Design of a Cyber Security Data Sharing System Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security. pp. 61- 69 ,(2014) , 10.1145/2663876.2663882
F. Valeur, G. Vigna, C. Kruegel, R.A. Kemmerer, Comprehensive approach to intrusion detection alert correlation IEEE Transactions on Dependable and Secure Computing. ,vol. 1, pp. 146- 169 ,(2004) , 10.1109/TDSC.2004.21
Herve Debar, Benjamin S. Feinstein, David A. Curry, The Intrusion Detection Message Exchange Format (IDMEF) RFC. ,vol. 4765, pp. 1- 157 ,(2007)