Visible to the public Improved cyber threat indicator sharing by scoring privacy riskConflict Detection Enabled

TitleImproved cyber threat indicator sharing by scoring privacy risk
Publication TypeConference Paper
Year of Publication2017
AuthorsDaniel M. Best, Jaspreet Bhatia, Elena Peterson, Travis Breaux
Conference Name2017 IEEE International Symposium on Technologies for Homeland Security (HST)
Date Published04/2017
Conference LocationWaltham, MA
ISBN Number978-1-5090-6356-7
KeywordsAugust'17, CMU, cyber security, information sharing, privacy, Real-time Privacy Risk Evaluation and Enforcement, risk, threat indicators

Information security can benefit from real-time cyber threat indicator sharing, in which companies and government agencies share their knowledge of emerging cyberattacks to benefit their sector and society at large. As attacks become increasingly sophisticated by exploiting behavioral dimensions of human computer operators, there is an increased risk to systems that store personal information. In addition, risk increases as individuals blur the boundaries between workplace and home computing (e.g., using workplace computers for personal reasons). This paper describes an architecture to leverage individual perceptions of privacy risk to compute privacy risk scores over cyber threat indicator data. Unlike security risk, which is a risk to a particular system, privacy risk concerns an individual's personal information being accessed and exploited. The architecture integrates tools to extract information entities from textual threat reports expressed in the STIX format and privacy risk estimates computed using factorial vignettes to survey individual risk perceptions. The architecture aims to optimize for scalability and adaptability to achieve real-time risk scoring.

Citation Keynode-36841

Other available formats: