Privacy Principles for Sharing Cyber Security Data. Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., & Papadopoulos, C. In Proceedings of the IEEE International Workshop on Privacy Engineering, pages 193–197, San Jose, California, USA, May, 2015. IEEE. ![Privacy Principles for Sharing Cyber Security Data [link]](https://bibbase.org/img/filetypes/link.svg "link")
Paper doi abstract bibtex Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information.
@InProceedings{Fisk15a,
author = "Gina Fisk and Calvin Ardi and Neale Pickett
and John Heidemann and Mike Fisk and Christos Papadopoulos",
title = "Privacy Principles for Sharing Cyber Security Data",
booktitle = "Proceedings of the " # " IEEE International Workshop on Privacy Engineering",
year = 2015,
sortdate = "2015-05-21",
projects = "ant, retrofuture",
jsubject = "network_observation",
pages = "193--197",
month = may,
address = "San Jose, California, USA",
publisher = "IEEE",
keywords = "map/reduce, file map, lanl, retrofuture",
jlocation = "johnh: pafile",
copyright = "IEEE",
copyrightterms = " Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ",
myorganization = "USC/Information Sciences Institute",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.pdf",
doi = "http://dx.doi.org/10.1109/SPW.2015.23",
blogurl = "https://ant.isi.edu/blog/?p=670",
abstract = "
Sharing cyber security data across organizational boundaries brings
both privacy risks in the exposure of personal information and data,
and organizational risk in disclosing internal information. These
risks occur as information leaks in network traffic or logs, and also
in queries made across organizations. They are also complicated by
the trade-offs in privacy preservation and utility present in
anonymization to manage disclosure. In this paper, we define three
principles that guide sharing security information across
organizations: Least Disclosure, Qualitative Evaluation, and Forward
Progress. We then discuss engineering approaches that apply these
principles to a distributed security system. Application of these
principles can reduce the risk of data exposure and help manage trust
requirements for data sharing, helping to meet our goal of balancing
privacy, organizational risk, and the ability to better respond to
security with shared information.
",
}
Downloads: 0
{"_id":"baF6JwFYxyEqFWZ7m","bibbaseid":"fisk-ardi-pickett-heidemann-fisk-papadopoulos-privacyprinciplesforsharingcybersecuritydata-2015","author_short":["Fisk, G.","Ardi, C.","Pickett, N.","Heidemann, J.","Fisk, M.","Papadopoulos, C."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","author":[{"firstnames":["Gina"],"propositions":[],"lastnames":["Fisk"],"suffixes":[]},{"firstnames":["Calvin"],"propositions":[],"lastnames":["Ardi"],"suffixes":[]},{"firstnames":["Neale"],"propositions":[],"lastnames":["Pickett"],"suffixes":[]},{"firstnames":["John"],"propositions":[],"lastnames":["Heidemann"],"suffixes":[]},{"firstnames":["Mike"],"propositions":[],"lastnames":["Fisk"],"suffixes":[]},{"firstnames":["Christos"],"propositions":[],"lastnames":["Papadopoulos"],"suffixes":[]}],"title":"Privacy Principles for Sharing Cyber Security Data","booktitle":"Proceedings of the IEEE International Workshop on Privacy Engineering","year":"2015","sortdate":"2015-05-21","projects":"ant, retrofuture","jsubject":"network_observation","pages":"193–197","month":"May","address":"San Jose, California, USA","publisher":"IEEE","keywords":"map/reduce, file map, lanl, retrofuture","jlocation":"johnh: pafile","copyright":"IEEE","copyrightterms":"Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ","myorganization":"USC/Information Sciences Institute","url":"https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.html","pdfurl":"https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.pdf","doi":"http://dx.doi.org/10.1109/SPW.2015.23","blogurl":"https://ant.isi.edu/blog/?p=670","abstract":"Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information. ","bibtex":"@InProceedings{Fisk15a,\n\tauthor = \t\"Gina Fisk and Calvin Ardi and Neale Pickett\n and John Heidemann and Mike Fisk and Christos Papadopoulos\",\n\ttitle = \t\"Privacy Principles for Sharing Cyber Security Data\",\n\tbooktitle = \t\"Proceedings of the \" # \" IEEE International Workshop on Privacy Engineering\",\n\tyear = \t\t2015,\n\tsortdate = \"2015-05-21\",\n\tprojects = \"ant, retrofuture\",\n\tjsubject = \"network_observation\",\n\tpages = \t\"193--197\",\n\tmonth = \tmay,\n\taddress = \t\"San Jose, California, USA\",\n\tpublisher = \t\"IEEE\",\n\tkeywords = \t\"map/reduce, file map, lanl, retrofuture\",\n\tjlocation = \t\"johnh: pafile\",\n\tcopyright = \"IEEE\",\n\tcopyrightterms = \"\tPersonal use of this material is permitted. Permission from IEEE must \tbe obtained for all other uses, in any current or future media, \tincluding reprinting/republishing this material for advertising or \tpromotional purposes, creating new collective works, for resale or \tredistribution to servers or lists, or reuse of any copyrighted \tcomponent of this work in other works. \",\n\tmyorganization =\t\"USC/Information Sciences Institute\",\n\turl =\t\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.html\",\n\tpdfurl =\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.pdf\",\n\tdoi = \"http://dx.doi.org/10.1109/SPW.2015.23\",\n\tblogurl = \t\"https://ant.isi.edu/blog/?p=670\",\n\tabstract = \"\nSharing cyber security data across organizational boundaries brings\nboth privacy risks in the exposure of personal information and data,\nand organizational risk in disclosing internal information. These\nrisks occur as information leaks in network traffic or logs, and also\nin queries made across organizations. They are also complicated by\nthe trade-offs in privacy preservation and utility present in\nanonymization to manage disclosure. In this paper, we define three\nprinciples that guide sharing security information across\norganizations: Least Disclosure, Qualitative Evaluation, and Forward\nProgress. We then discuss engineering approaches that apply these\nprinciples to a distributed security system. Application of these\nprinciples can reduce the risk of data exposure and help manage trust\nrequirements for data sharing, helping to meet our goal of balancing\nprivacy, organizational risk, and the ability to better respond to\nsecurity with shared information.\n\",\n}\n\n","author_short":["Fisk, G.","Ardi, C.","Pickett, N.","Heidemann, J.","Fisk, M.","Papadopoulos, C."],"bibbaseid":"fisk-ardi-pickett-heidemann-fisk-papadopoulos-privacyprinciplesforsharingcybersecuritydata-2015","role":"author","urls":{"Paper":"https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.html"},"keyword":["map/reduce","file map","lanl","retrofuture"],"metadata":{"authorlinks":{}}},"bibtype":"inproceedings","biburl":"https://bibbase.org/f/dHevizJoWEhWowz8q/johnh-2023-2.bib","dataSources":["YLyu3mj3xsBeoqiHK","sz46kuqqKmGQiNuh4","fLZcDgNSoSuatv6aX","tAs2bxgkkLZB7xfoZ","fxEParwu2ZfurScPY","7nuQvtHTqKrLmgu99"],"keywords":["map/reduce","file map","lanl","retrofuture"],"search_terms":["privacy","principles","sharing","cyber","security","data","fisk","ardi","pickett","heidemann","fisk","papadopoulos"],"title":"Privacy Principles for Sharing Cyber Security Data","year":2015}