GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F19%3A00109959" target="_blank" >RIV/00216224:14610/19:00109959 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/doi/10.1145/3339252.3340516" target="_blank" >https://dl.acm.org/doi/10.1145/3339252.3340516</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3339252.3340516" target="_blank" >10.1145/3339252.3340516</a>

Jazyk výsledku

angličtina

Název v původním jazyce

GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform

Popis výsledku v původním jazyce

In this article, we discuss the issues of GDPR's impact on cyber-security software and operations, namely automated information sharing. We illustrate the topic on an example of an intrusion detection alert sharing platform. First, we had to investigate the risks to privacy in the alert sharing platform and ensure its compliance with the GDPR's obligations. Second, fears and uncertainties emerged in the alert sharing community regarding the GDPR and its obligations and, thus, willingness to share the information was negatively impacted. We conducted DPIA to investigate risks related to information sharing in cyber security and dismiss doubts within the community. Although our results suggest that the risks are not high, we point out that the hype around GDPR caused substantial development of the sharing platform. The DPIA helped in a deeper understanding of risks and their management and is a solid argument for information sharing in cyber security under GDPR.

Název v anglickém jazyce

GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform

Popis výsledku anglicky

In this article, we discuss the issues of GDPR's impact on cyber-security software and operations, namely automated information sharing. We illustrate the topic on an example of an intrusion detection alert sharing platform. First, we had to investigate the risks to privacy in the alert sharing platform and ensure its compliance with the GDPR's obligations. Second, fears and uncertainties emerged in the alert sharing community regarding the GDPR and its obligations and, thus, willingness to share the information was negatively impacted. We conducted DPIA to investigate risks related to information sharing in cyber security and dismiss doubts within the community. Although our results suggest that the risks are not high, we point out that the hype around GDPR caused substantial development of the sharing platform. The DPIA helped in a deeper understanding of risks and their management and is a solid argument for information sharing in cyber security under GDPR.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019)

ISBN

9781450371643

ISSN

—

e-ISSN

—

Počet stran výsledku

8

Strana od-do

„36:1“-„36:8“

Název nakladatele

ACM

Místo vydání

New York

Místo konání akce

Canterbury

Datum konání akce

26. 8. 2019

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000552726400036