Abstract

The aim of this paper is to provide an advisory service to organizations in the context of facilitating the development of their CSIRT capabilities. A great deal of work has been published regarding the basis of network security policies and the process of setting up CSIRTs. This paper examines the implications of European privacy law - specifically the Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (95/46/EC) - for CSIRTs handling information relating to incidents. In particular it examines when and how it is appropriate for a CSIRT to use such information itself, and the circumstances in which it may be appropriate to disclose it to others.

Highlights

  • Computer Security Incident Response Teams (CSIRTs) work at the overlap of legally recognized human rights

  • This paper endeavors to help achieve the right balance between those, sometimes conflicting, rights. As part of their job to prevent and investigate incidents on the Internet, Computer Security Incident Response Teams (CSIRTs) often handle information that is associated with identifiers such as Internet Protocol (IP) or e-mail addresses

  • Both security and privacy indicate that a CSIRT should not use or disclose any information if this is unnecessary, but the requirement to strike a balance means that even actions that seem necessary must be assessed to determine how strong the need for them is


Summary

Introduction

Computer Security Incident Response Teams (CSIRTs) work at the overlap of legally recognized human rights. On the one hand the role of CSIRTs is to provide secure networks and systems on which users can exercise their rights to communicate freely and, if they wish, privately. This paper endeavors to help achieve the right balance between those, sometimes conflicting, rights. As part of their job to prevent and investigate incidents on the Internet, CSIRTs often handle information that is associated with identifiers such as Internet Protocol (IP) or e-mail addresses. CSIRTs need to use this information themselves and may wish to disclose it to others, for example to inform individuals or banks of a phishing attack or to warn potential victims of a new virus threat.

Purpose of Processing
Factors to be Considered
Does the Action Support Legitimate Interests?
Are the Data Subject’s Interests Protected?
Is Processing Justified?
Malware Analysis Honeypot
Forensic Data from Compromised Machine
Collection
Disclosure
Disclosure of Denial of Service Victims
Automatic Processing
Darknet Mesh
Notifying the Individual
Notifying the Regulator