Internet Archive Scholar

Privacy Principles for Sharing Cyber Security Data

Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, Christos Papadopoulos
2015 2015 IEEE Security and Privacy Workshops  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (118.1 kB)
https://web.archive.org/web/20170705100223/https://www.isi.edu/%7Ecalvin/papers/Fisk15a.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing
more » ... ecurity information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information.
doi:10.1109/spw.2015.23 dblp:conf/sp/FiskAPHFP15 fatcat:r2amjo7hunf2pc6r35buraxnq4
Citation

Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, Christos Papadopoulos. "Privacy Principles for Sharing Cyber Security Data." 2015 IEEE Security and Privacy Workshops (2015) 193-197