Sharing Cyber Threat Intelligence under the General Data Protection Regulation

Date

2019-06-13

Advisors

Journal Title

Journal ISSN

ISSN

DOI

Volume Title

Publisher

Springer

Type

Conference

Peer reviewed

Yes

Abstract

Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compliance with the GDPR. We also present a model for evaluating the legal requirements for supporting decision making when sharing CTI, which also includes advice on the required protection level. Finally, we evaluate our model using use cases of sharing CTI datasets between entities.

Description

Keywords

Cyber Threat Intelligence, Information sharing, General Data Protection Regulation, GDPR, Legal evaluation

Citation

Albakri, A., Boiten, E., De Lemos, R. (2019) Sharing Cyber Threat Intelligence Under the General Data Protection Regulation. In: Naldi, M., Italian,o G., Rannenberg, K., Medina, M., Bourka, A. (Eds.) APF2019: Privacy Technologies and Policy, pp.28-41.

Rights

Research Institute

Cyber Technology Institute (CTI)