Visible to the public Biblio

Filters: Keyword is Real-time Privacy Risk Evaluation and Enforcement  [Clear All Filters]
2017
Daniel M. Best, Jaspreet Bhatia, Elena Peterson, Travis Breaux.  2017.  Improved cyber threat indicator sharing by scoring privacy risk. 2017 IEEE International Symposium on Technologies for Homeland Security (HST).

Information security can benefit from real-time cyber threat indicator sharing, in which companies and government agencies share their knowledge of emerging cyberattacks to benefit their sector and society at large. As attacks become increasingly sophisticated by exploiting behavioral dimensions of human computer operators, there is an increased risk to systems that store personal information. In addition, risk increases as individuals blur the boundaries between workplace and home computing (e.g., using workplace computers for personal reasons). This paper describes an architecture to leverage individual perceptions of privacy risk to compute privacy risk scores over cyber threat indicator data. Unlike security risk, which is a risk to a particular system, privacy risk concerns an individual's personal information being accessed and exploited. The architecture integrates tools to extract information entities from textual threat reports expressed in the STIX format and privacy risk estimates computed using factorial vignettes to survey individual risk perceptions. The architecture aims to optimize for scalability and adaptability to achieve real-time risk scoring.