Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Literature Review Memo 3 Excerpt For CERC: Data Sharing and Cybersecurity (please do not publish in any way without author’s permission, [email protected]), 8/25/2016. For educational purposes only. Question: What does Data Sharing literature have in common and what is missing? Data Sharing Cybersecurity Brown, Sarah, Joep Gommers, and Oscar Serrano. 2015. “From Cyber Security Information Sharing to Threat Management.” In , 43–49. ACM Press. doi:10.1145/2808128.2808133. Notes one of key challenges to implementing platform successfully is trust issues around analytic management and collaboration: “"These processes in particular are usually overlooked when implementing cyber threat intelligence practices and its supporting technologies, yet are some of its key components to predictability and success. Trust in the management and security controls of the system itself is necessary for adoption by one or more intelligence communities of practice." (49) Dandurand, Luc, and Oscar Serrano. 2013. “Towards Improved Cyber Security Information Sharing.” In Cyber Conflict (CyCon), 2013 5th International Conference. Tallinn: IEEE. Using tech answers to handle tech and org/human issues Trust is still issue even between orgs that have experts that trust others in other orgs- authors view technical solutions through development of this knowledge management platform to help enhance trust of data security and validity Fisk, Gina, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, and Christos Papadopoulos. 2015. “Privacy Principles for Sharing Cyber Security Data.” In , 193–97. IEEE. doi:10.1109/SPW.2015.23. Authors take an approach that is technical and policy oriented in terms of how orgs can handle privacy with data sharing- tends towards a cautious view of data sharing for privacy concerns. Freudiger, Julien, Emiliano De Cristofaro, and Alejandro E. Brito. 2015. “Controlled Data Sharing for Collaborative Predictive Blacklisting.” In Detection of Intrusions and Malware, and Vulnerability Assessment, edited by Magnus Almgren, Vincenzo Gulisano, and Federico Maggi, 9148:327–49. Cham: Springer International Publishing. http://link.springer.com/10.1007/978-3-319-20550-2_17. Why private companies avoid data sharing: “In fact, data sharing initiatives are often opposed by the privacy community as potentially harmful to individuals [2], while organizations have little choice other than establishing “circles of trust,” aiming to control potential loss of competitive advantage and data exposure.” (P. 1) Take controlled data sharing approach- between sharing everything and nothing based on decisions about whether or not to share data and how much to share Harrison, Keith, and Gregory White. 2012. “Information Sharing Requirements and Framework Needed for Community Cyber Incident Detection and Response.” In , 463–69. IEEE. doi:10.1109/THS.2012.6459893. Creates algorithm on peer to peer network architecture to solve data sharing- technical solution Literature Review Memo 3 Excerpt For CERC: Data Sharing and Cybersecurity (please do not publish in any way without author’s permission, [email protected]), 8/25/2016. For educational purposes only. Mann, David, Stuart S. Shapiro, and Deb Bodeau. 2014. “Bilateral Analysis of Information Sharing Efforts: Determining the Expected Effectiveness of Information Sharing Efforts.” In , 41–50. ACM Press. doi:10.1145/2663876.2663880. Considers sociological dimensions of collaboration (work practices, diversity of practices between and within groups) to develop BLAISE, a method of assessing whether information efforts will be successful Serrano, Oscar, Luc Dandurand, and Sarah Brown. 2014. “On the Design of a Cyber Security Data Sharing System.” In , 61–69. ACM Press. doi:10.1145/2663876.2663882. Another seeing development of system (tech systems) as solutions to data sharing problem Problem so far is no system solution has attended to “all” the problems Wanying Zhao, and Gregory White. 2014. “Designing a Formal Model Facilitating Collaborative Information Sharing for Community Cyber Security.” In , 1987–96. IEEE. doi:10.1109/HICSS.2014.252. Design policy model for information framework specifically designed to work between communities Suggests that future work should concern “who” in communities are tasked with collection/dissemtination of information and establishment of groups (such as Super Groups, etc) Woods, Bronwyn, Samuel J. Perl, and Brian Lindauer. 2015. “Data Mining for Efficient Collaborative Information Discovery.” In , 3–12. ACM Press. doi:10.1145/2808128.2808130. Use data mining techniques to help with privacy as well as lower cost/risk for orgs. Thoughts/Themes Seen in Literature: Commonalities and Differences Most of articles are in ACM and IEEE- how does that shape their methods and conceptual approach? Theme of trying to find all the social and technical challenges and create a technical system to overcome and attend to challenges Theme of trying to find challenges and create a policy framework to overcome challenges Focus on developing the “right” algorithm, the “right” infrastructure”, the “right” policy and that will (implicitly or explicitly improve trust, or get around the trust issue) encourage increasing data sharing collaboration Gap: not taking organizational/social approach to trust as part of solution.