Pseudonymous audit for privacy enhanced intrusion detection
SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Development of a legal framework for intrusion detection
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
| Hi-index | 0.00 |
The global nature of the information infrastructure presents enormous opportunities to organizations. However, global interconnection also means global risk and implies the need for global defence. A central aspect of global defence is information sharing, and at as early a point in the incident cycle as possible. This implies the sharing of intrusion detection sensor data. The growing recognition of the requirement to respect personal privacy is bearing fruit in the passage of personal privacy and data protection legislation, which generally limit the ability of organizations to share personal information. Based on the broad definitions of personal information found in the legislation, source IP addresses, one of the key elements of information used in tracing malicious activity, may be considered to be personal information, and would therefore fall under the purview of the privacy and data protection legislation. There are, however, exemptions for the sharing of information that could be extended to permit the sharing of intrusion detection information while still meeting the intent of the surveyed legislation.