Privacy Principles for Sharing Cyber Security Data

Fisk, Gina; Ardi, Calvin; Pickett, Neale; Heidemann, John; Fisk, Mike; Papadopoulos, Christos

doi:10.1109/spw.2015.23

Cited by 31 publications

(21 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, a thoughtful examination of complex supply-chain systems could link the engagement of different players in the interorganizational fabric of BD ( supply-chain perspective) to ethical concerns associated with data privacy ( ethics perspective). Doing so is especially salient when data collection and analysis do not take place within the same organization and where it is not clear who is responsible for minimizing potential harms to individuals, or data owners (Fisk et al, 2015). Focusing on the relevance of embedding ethics in BDBMs, especially when data are shared across industries, appears to be an extremely relevant opportunity to extend current thinking assessing the bright and dark sides of BD with respect to society (e.g.…”

Section: Discussion and Practical Implicationsmentioning

confidence: 99%

Big-data business models: A critical literature review and multiperspective research framework

Wiener

Saunders

Marabelli

2020

Journal of Information Technology

112

View full text Add to dashboard Cite

The emergence of “big data” offers organizations unprecedented opportunities to gain and maintain competitive advantage. Trying to exploit the strategic business potential embedded in big data, many organizations have started to renovate their business models or develop new ones, giving rise to the phenomenon of big-data business models. Although big-data business model research is still in its infancy, a significant number of studies on the topic have been published since 2014. We thus suggest it is time to perform a critical review and assessment of the literature at the intersection of business models and big data (analytics), thereby responding to recent calls for further research on and sustained analysis of big-data business models. In particular, our review uses three major criteria (big-data business model types, dimensions, and deployment) to assess the state of the big-data business model literature and identify shortcomings in this literature. On this basis, we derive and discuss five central research perspectives (supply chain, stakeholder, ethics, national, and process), providing guidance for future research and theory development in the area. These perspectives also have practical implications on how to address the current big-data business model deployment gap.

show abstract

Section: Discussion and Practical Implicationsmentioning

confidence: 99%

Big-data business models: A critical literature review and multiperspective research framework

Wiener

Saunders

Marabelli

2020

Journal of Information Technology

112

View full text Add to dashboard Cite

show abstract

“…Sharing information about cyber threats requires a combination of technical and policy methods [94]. If an organization decides to share their CTI, a clausal for information has to be included or updated in existing policies [4].…”

Section: Cyber Threat Intelligence Sharing Regulationsmentioning

confidence: 99%

Cyber threat intelligence sharing: Survey and research directions

Wagner

Mahbub

Palomar

et al. 2019

Computers & Security

172

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities.

show abstract

“…The National Institute of Standards and Technology (NIST) [5] discusses the concepts of privacy engineering and risk management for federal systems and aims to establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems. Fisk et al [14] define three engineering privacy principles that guide sharing security information across organisations: Least Disclosure, Qualitative Evaluation, and Forward Progress.…”

Section: Related Workmentioning

confidence: 99%

Run-Time Monitoring of Data-Handling Violations

et al. 2019

View full text Add to dashboard Cite

Organisations are coming under increasing pressure to respect and protect personal data privacy, especially with the European Union's General Data Protection Regulation (GDPR) now in effect. As legislation and regulation evolve to incentivise such data handling protection, so too does the business case for demonstrating compliance both in spirit and to the letter. Compliance will require ongoing checks as modern systems are constantly changing in terms of digital infrastructure services and business offerings, and the interaction between human and machine. Therefore, monitoring for compliance during run-time is likely to be required. There has been limited research into how to monitor how well a system respects consents given, and withheld, pertaining to handling and onward sharing. This paper proposes a finite state machine method for detecting violations of preferences (consents and revocations) expressed by Data Subjects regarding use of their personal data, and also violations of any related obligations that might be placed upon data handlers. Our approach seeks to enable detection of both accidental and malicious compromises of privacy properties. We also present a concept demonstrator to show the feasibility of our approach and discuss its design and technical implementation.

show abstract

Privacy Principles for Sharing Cyber Security Data

Cited by 31 publications

References 19 publications

Big-data business models: A critical literature review and multiperspective research framework

Big-data business models: A critical literature review and multiperspective research framework

Cyber threat intelligence sharing: Survey and research directions

Run-Time Monitoring of Data-Handling Violations

Contact Info

Product

Resources

About