GDPR Compliance in Cybersecurity Software: A Case Study of DPIA in Information Sharing Platform

Logo poskytovatele

Varování

Publikace nespadá pod Filozofickou fakultu, ale pod Ústav výpočetní techniky. Oficiální stránka publikace je na webu muni.cz.
Autoři

HORÁK Martin STUPKA Václav HUSÁK Martin

Rok publikování 2019
Druh Článek ve sborníku
Konference Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019)
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Citace
www https://dl.acm.org/doi/10.1145/3339252.3340516
Doi http://dx.doi.org/10.1145/3339252.3340516
Klíčová slova CSIRT;GDPR;Information sharing;Intrusion detection;Personal data;Privacy
Přiložené soubory
Popis In this article, we discuss the issues of GDPR's impact on cyber-security software and operations, namely automated information sharing. We illustrate the topic on an example of an intrusion detection alert sharing platform. First, we had to investigate the risks to privacy in the alert sharing platform and ensure its compliance with the GDPR's obligations. Second, fears and uncertainties emerged in the alert sharing community regarding the GDPR and its obligations and, thus, willingness to share the information was negatively impacted. We conducted DPIA to investigate risks related to information sharing in cyber security and dismiss doubts within the community. Although our results suggest that the risks are not high, we point out that the hype around GDPR caused substantial development of the sharing platform. The DPIA helped in a deeper understanding of risks and their management and is a solid argument for information sharing in cyber security under GDPR.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.