当前位置:
X-MOL 学术
›
arXiv.cs.GL
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Resolving the cybersecurity Data Sharing Paradox to scale up cybersecurity via a co-production approach towards data sharing
arXiv - CS - General Literature Pub Date : 2020-11-20 , DOI: arxiv-2011.12709 Amir Atapour-Abarghouei, Andrew Stephen McGough, David Stanley Wall
arXiv - CS - General Literature Pub Date : 2020-11-20 , DOI: arxiv-2011.12709 Amir Atapour-Abarghouei, Andrew Stephen McGough, David Stanley Wall
As cybercriminals scale up their operations to increase their profits or
inflict greater harm, we argue that there is an equal need to respond to their
threats by scaling up cybersecurity. To achieve this goal, we have to develop a
co-productive approach towards data collection and sharing by overcoming the
cybersecurity data sharing paradox. This is where we all agree on the
definition of the problem and end goal (improving cybersecurity and getting rid
of cybercrime), but we disagree about how to achieve it and fail to work
together efficiently. At the core of this paradox is the observation that
public interests differ from private interests. As a result, industry and law
enforcement take different approaches to the cybersecurity problem as they seek
to resolve incidents in their own interests, which manifests in different data
sharing practices between both and also other interested parties, such as
cybersecurity researchers. The big question we ask is can these interests be
reconciled to develop an interdisciplinary approach towards co-operation and
sharing data. In essence, all three will have to co-own the problem in order to
co-produce a solution. We argue that a few operational models with good
practices exist that provide guides to a possible solution, especially multiple
third-party ownership organisations which consolidate, anonymise and analyse
data. To take this forward, we suggest the practical solution of organising
co-productive data collection on a sectoral basis, but acknowledge that common
standards for data collection will also have to be developed and agreed upon.
We propose an initial set of best practices for building collaborations and
sharing data and argue that these best practices need to be developed and
standardised in order to mitigate the paradox.
中文翻译:
解决网络安全数据共享悖论,以共同生产的方式实现数据共享,从而扩大网络安全
随着网络犯罪分子扩大其业务以增加利润或造成更大的伤害,我们认为,同样有必要通过扩大网络安全来应对其威胁。为了实现这一目标,我们必须通过克服网络安全数据共享悖论,开发一种用于数据收集和共享的协同生产方法。在这里,我们都同意对问题的定义和最终目标(提高网络安全性并摆脱网络犯罪),但是我们不同意如何实现这一目标并且无法有效地协同工作。这种悖论的核心是观察到公共利益与私人利益不同。结果,行业和执法部门出于自身利益寻求解决事件的方法不同,因此他们采取了不同的方法来解决网络安全问题,这体现在双方以及其他相关方(例如网络安全研究人员)之间不同的数据共享实践中。我们提出的最大问题是,能否调和这些利益,以发展一种跨学科的合作和共享数据方法。本质上,这三个问题必须共同拥有,才能共同提出解决方案。我们认为,存在一些具有良好实践的操作模型,这些模型可为可能的解决方案提供指南,尤其是可合并,匿名化和分析数据的多个第三方所有权组织。为此,我们建议在部门基础上组织协同生产数据收集的实用解决方案,但也承认,还必须制定并商定通用的数据收集标准。
更新日期:2020-11-27
中文翻译:
解决网络安全数据共享悖论,以共同生产的方式实现数据共享,从而扩大网络安全
随着网络犯罪分子扩大其业务以增加利润或造成更大的伤害,我们认为,同样有必要通过扩大网络安全来应对其威胁。为了实现这一目标,我们必须通过克服网络安全数据共享悖论,开发一种用于数据收集和共享的协同生产方法。在这里,我们都同意对问题的定义和最终目标(提高网络安全性并摆脱网络犯罪),但是我们不同意如何实现这一目标并且无法有效地协同工作。这种悖论的核心是观察到公共利益与私人利益不同。结果,行业和执法部门出于自身利益寻求解决事件的方法不同,因此他们采取了不同的方法来解决网络安全问题,这体现在双方以及其他相关方(例如网络安全研究人员)之间不同的数据共享实践中。我们提出的最大问题是,能否调和这些利益,以发展一种跨学科的合作和共享数据方法。本质上,这三个问题必须共同拥有,才能共同提出解决方案。我们认为,存在一些具有良好实践的操作模型,这些模型可为可能的解决方案提供指南,尤其是可合并,匿名化和分析数据的多个第三方所有权组织。为此,我们建议在部门基础上组织协同生产数据收集的实用解决方案,但也承认,还必须制定并商定通用的数据收集标准。
京公网安备 11010802027423号