Protection of personal data in security alert sharing platforms

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F17%3A00094474" target="_blank" >RIV/00216224:14610/17:00094474 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/citation.cfm?doid=3098954.3105822" target="_blank" >https://dl.acm.org/citation.cfm?doid=3098954.3105822</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3098954.3105822" target="_blank" >10.1145/3098954.3105822</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Protection of personal data in security alert sharing platforms

Popis výsledku v původním jazyce

In order to ensure confidentiality, integrity and availability (so called CIA triad) of data within network infrastructure, it is necessary to be able to detect and handle cyber security incidents. For this purpose, it is vital for Computer Security Incident Response Teams (CSIRT) to have enough data on relevant security events and threats. That is why CSIRTs share security alerts and incidents data using various sharing platforms. Even though they do so primarily to protect data and privacy of users, their use also lead to additional processing of personal data, which may cause new privacy risks. European data protection law, especially with the adoption of the new General data protection regulation, sets out very strict rules on processing of personal data which on one hand leads to greater protection of individual's rights, but on the other creates great obstacles for those who need to share any personal data. This paper analyses the General Data Protection Regulation (GDPR), relevant case-law and analyses by the Article 29 Working Party to propose optimal methods and level of personal data processing necessary for effective use of security alert sharing platforms, which would be legally compliant and lead to appropriate balance between risks.

Název v anglickém jazyce

Protection of personal data in security alert sharing platforms

Popis výsledku anglicky

In order to ensure confidentiality, integrity and availability (so called CIA triad) of data within network infrastructure, it is necessary to be able to detect and handle cyber security incidents. For this purpose, it is vital for Computer Security Incident Response Teams (CSIRT) to have enough data on relevant security events and threats. That is why CSIRTs share security alerts and incidents data using various sharing platforms. Even though they do so primarily to protect data and privacy of users, their use also lead to additional processing of personal data, which may cause new privacy risks. European data protection law, especially with the adoption of the new General data protection regulation, sets out very strict rules on processing of personal data which on one hand leads to greater protection of individual's rights, but on the other creates great obstacles for those who need to share any personal data. This paper analyses the General Data Protection Regulation (GDPR), relevant case-law and analyses by the Article 29 Working Party to propose optimal methods and level of personal data processing necessary for effective use of security alert sharing platforms, which would be legally compliant and lead to appropriate balance between risks.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20162019029" target="_blank" >VI20162019029: Sdílení a analýza bezpečnostních událostí v ČR</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2017

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 12th International Conference on Availability, Reliability and Security

ISBN

9781450352574

ISSN

—

e-ISSN

—

Počet stran výsledku

8

Strana od-do

„65:1“-„65:8“

Název nakladatele

ACM

Místo vydání

Reggio Calabria

Místo konání akce

Reggio Calabria

Datum konání akce

29. 8. 2017

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000426964900065