Abstract
The aim of this paper is to provide an advisory service to organizations in the context of facilitating the development of their CSIR capabilities. A great deal of work has been published regarding the basis of network security policies and the process of setting up CSIRs. This paper examines the implications of European privacy law - specifically the Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (95/46/EC) - for CSIRTs handling information relating to incidents. In particular it examines when and how it is appropriate for a CSIRT to use information itself, and the circumstances in which it may be appropriate to disclose it to others.
Highlights
Computer Security Incident Response Teams (CSIRTs) work at the overlap of legally recognized human rights.
This paper endeavors to help achieve the right balance between those, sometimes conflicting, rights. As part of their job to prevent and investigate incidents on the Internet, Computer Security Incident Response Teams (CSIRTs) often handle information that is associated with identifiers such as Internet Protocol (IP) or e-mail addresses.
Both security and privacy indicate that a CSIRT should not use or disclose any information if this is unnecessary, but the requirement to strike a balance means that even actions that seem necessary must be assessed to determine how strong the need for them is.
Summary
Computer Security Incident Response Teams (CSIRTs) work at the overlap of legally recognized human rights. On the one hand the role of CSIRTs is to provide secure networks and systems on which users can exercise their rights to communicate freely and, if they wish, privately. This paper endeavors to help achieve the right balance between those, sometimes conflicting, rights. As part of their job to prevent and investigate incidents on the Internet, Computer Security Incident Response Teams (CSIRTs) often handle information that is associated with identifiers such as Internet Protocol (IP) or e-mail addresses. CSIRTs need to use this information themselves and may wish to disclose it to others, for example to inform individuals or banks of a phishing attack or to warn potential victims of a new virus threat.