2017 | Original Paper | Book Chapter

Privacy by Design Data Exchange Between CSIRTs

Authors: Erich Schweighofer, Vinzenz Heussler, Peter Kieseberg

Published in: Privacy Technologies and Policy

Publisher: Springer International Publishing

Abstract

Computer Security Incident Response Teams ('CSIRTs') may exchange personal data about incidents. A privacy by design solution can ensure compliance with data protection law and the protection of trade secrets. An information platform for CSIRTs is proposed, on which incidents are reported in encoded form. Without knowledge of other personal data, only the quantity, region and industry of the attacks can be read out. Additional data, primarily from a team's own security incidents, can be used to calculate a similarity to other incidents.


Metadata
Title
Privacy by Design Data Exchange Between CSIRTs
Authors
Erich Schweighofer
Vinzenz Heussler
Peter Kieseberg
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-67280-9_6