GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform
Authors | |
---|---|
Year of publication | 2019 |
Type | Article in Proceedings |
Conference | Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) |
MU Faculty or unit | |
Citation | |
web | https://dl.acm.org/doi/10.1145/3339252.3340516 |
Doi | http://dx.doi.org/10.1145/3339252.3340516 |
Keywords | CSIRT;GDPR;Information sharing;Intrusion detection;Personal data;Privacy |
Attached files | |
Description | In this article, we discuss the issues of GDPR's impact on cyber-security software and operations, namely automated information sharing. We illustrate the topic on an example of an intrusion detection alert sharing platform. First, we had to investigate the risks to privacy in the alert sharing platform and ensure its compliance with the GDPR's obligations. Second, fears and uncertainties emerged in the alert sharing community regarding the GDPR and its obligations and, thus, willingness to share the information was negatively impacted. We conducted DPIA to investigate risks related to information sharing in cyber security and dismiss doubts within the community. Although our results suggest that the risks are not high, we point out that the hype around GDPR caused substantial development of the sharing platform. The DPIA helped in a deeper understanding of risks and their management and is a solid argument for information sharing in cyber security under GDPR. |
Related projects: |