GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform

Investor logo

Warning

This publication doesn't include Faculty of Arts. It includes Institute of Computer Science. Official publication website can be found on muni.cz.
Authors

HORÁK Martin STUPKA Václav HUSÁK Martin

Year of publication 2019
Type Article in Proceedings
Conference Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019)
MU Faculty or unit

Institute of Computer Science

Citation
Web https://dl.acm.org/doi/10.1145/3339252.3340516
Doi http://dx.doi.org/10.1145/3339252.3340516
Keywords CSIRT;GDPR;Information sharing;Intrusion detection;Personal data;Privacy
Attached files
Description In this article, we discuss the issues of GDPR's impact on cyber-security software and operations, namely automated information sharing. We illustrate the topic on an example of an intrusion detection alert sharing platform. First, we had to investigate the risks to privacy in the alert sharing platform and ensure its compliance with the GDPR's obligations. Second, fears and uncertainties emerged in the alert sharing community regarding the GDPR and its obligations and, thus, willingness to share the information was negatively impacted. We conducted DPIA to investigate risks related to information sharing in cyber security and dismiss doubts within the community. Although our results suggest that the risks are not high, we point out that the hype around GDPR caused substantial development of the sharing platform. The DPIA helped in a deeper understanding of risks and their management and is a solid argument for information sharing in cyber security under GDPR.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.