Abstract
Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compliance with the GDPR. We also present a model for evaluating the legal requirements for supporting decision making when sharing CTI, which also includes advice on the required protection level. Finally, we evaluate our model using use cases of sharing CTI datasets between entities.
Author supplied keywords
Cite
CITATION STYLE
Albakri, A., Boiten, E., & De Lemos, R. (2019). Sharing Cyber Threat Intelligence Under the General Data Protection Regulation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11498 LNCS, pp. 28–41). Springer Verlag. https://doi.org/10.1007/978-3-030-21752-5_3
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
