Skip to main content

Sharing Cyber Threat Intelligence under the General Data Protection Regulation

Albakri, Adham, de Lemos, Rogerio, Boiten, Eerke Albert (2019) Sharing Cyber Threat Intelligence under the General Data Protection Regulation. In: Annual Privacy Forum 2019, 13-14 June 2019, Rome, Italy. (In press)

PDF - Pre-print
Download (675kB) Preview
[img]
Preview

Abstract

Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compli- ance with the GDPR. We also present a model for evaluating the legal require- ments for supporting decision making when sharing CTI, which also includes advice on the required protection level. Finally, we evaluate our model using use cases of sharing CTI datasets between entities.

Item Type: Conference or workshop item (Paper)
Uncontrolled keywords: Cyber Threat Intelligence, Information Sharing, General Data Pro- tection Regulation GDPR, Legal evaluation.
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software
Divisions: Faculties > Sciences > School of Computing
Depositing User: Rogerio de Lemos
Date Deposited: 28 Mar 2019 16:55 UTC
Last Modified: 03 Jun 2019 09:37 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/73262 (The current URI for this page, for reference purposes)
de Lemos, Rogerio: https://orcid.org/0000-0002-0281-6308
Boiten, Eerke Albert: https://orcid.org/0000-0002-9184-8968
  • Depositors only (login required):

Downloads

Downloads per month over past year