Sharing Cyber Threat Intelligence under the General Data Protection Regulation

Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compli- ance with the GDPR. We also present a model for evaluating the legal require- ments for supporting decision making when sharing CTI, which also includes advice on the required protection level. Finally, we evaluate our model using use cases of sharing CTI datasets between entities

Making Research Data Accessible

This chapter argues that these benefits will accrue more quickly, and will be more significant and more enduring, if researchers make their data “meaningfully accessible.” Data are meaningfully accessible when they can be interpreted and analyzed by scholars far beyond those who generated them. Making data meaningfully accessible requires that scholars take the appropriate steps to prepare their data for sharing, and avail themselves of the increasingly sophisticated infrastructure for publishing and preserving research data. The better other researchers can understand shared data and the more researchers who can access them, the more those data will be re-used for secondary analysis, producing knowledge. Likewise, the richer an understanding an instructor and her students can gain of the shared data being used to teach and learn a particular research method, the more useful those data are for that pedagogical purpose. And the more a scholar who is evaluating the work of another can learn about the evidence that underpins its claims and conclusions, the better their ability to identify problems and biases in data generation and analysis, and the better informed and thus stronger an endorsement of the work they can offer

Toward open computational communication science: A practical road map for reusable data and code

Computational communication science (CCS) offers an opportunity to accelerate the scope and pace of discovery in communication research. This article argues that CCS will profit from adopting open science practices by fostering the reusability of data and code. We discuss the goals and challenges related to creating reusable data and code and offer practical guidance to individual researchers to achieve this. More specifically, we argue for integration of the research process into reusable workflows and recognition of tools and data as academic work. The challenges and road map are also critically discussed in terms of the additional burden they place on individual scholars, which culminates in a call to action for the field to support and incentivize the reusability of tools and data

Data curation for qualitative data reuse and big social research

In den letzten Jahren haben Innovationen bei Datenquellen und Methoden für die sozialwissenschaftliche Forschung zugenommen. Diese Forschungsarbeit zielt darauf ab, die Auswirkungen dieser Innovationen auf drei Praxisgemeinschaften besser zu verstehen: qualitativ Forschende, Big Social Data Forschende und Datenkurator*innen. Folgenden Forschungsfragen werden behandelt. RQ1: Wie unterscheidet sich die Kuratierung von Big Social Data und qualitativen Daten? RQ2: Welche Auswirkungen haben diese Ähnlichkeiten und Unterschiede auf die Kuratierung von Big Social Data und qualitativen Daten und was können wir aus der Kombination dieser beiden Communities lernen? Ich beantwortete diese Fragen durch eine Literaturrecherche, in der ich Gemeinsamkeiten zwischen qualitativer Datennachnutzung und Big Social Data identifizierte. Dann führte ich semi-strukturierte Interviews mit den drei Praxisgemeinschaften durch. Die Analyse identifizierte sechs Schlüsselthemen für die qualitative Datennachnutzung und Big Social Data: Kontext, Datenqualität und Vertrauenswürdigkeit, Datenvergleichbarkeit, informierte Einwilligung, Datenschutz und Vertraulichkeit sowie geistiges Eigentum und Dateneigentum. Ich habe außerdem fünf weitere Themen identifiziert: Domänenunterschiede, Strategien für eine verantwortungsvolle Praxis, Fragen der Datenpflege, Menschen oder Inhalte als Untersuchungsobjekte sowie unterschiedliche Schwerpunkte und Ansätze. Die Verbindung dieser drei Praxisgemeinschaften kann ein breiteres Verständnis der Schlüsselfragen unterstützen und zu verantwortungsbewussteren Forschungspraktiken führen. Datenkurator*innen verfügen über die Fähigkeiten und Perspektiven, um zwischen den Praxisgemeinschaften zu übersetzen und eine verantwortungsvolle qualitative Nachnutzung von Daten und Big Social Data zu unterstützen.Recent years have seen the rise of innovations in data sources and methods for social science research. This research aims to better understand the impact of these innovations on three communities of practice: qualitative researchers, big social researchers, and data curators. I address the following research questions. RQ1: How is big social data curation similar to and different from qualitative data curation? RQ1a: How are epistemological, ethical, and legal issues different or similar for qualitative data reuse and big social research? RQ1b: How can data curation practices support and resolve some of these epistemological and ethical issues? RQ2: What are the implications of these similarities and differences for big social data curation and qualitative data curation, and what can we learn from combining these two conversations? I answered these questions through a literature review, in which I identified issues in common between qualitative data reuse and big social research. Then I conducted semi-structured interviews with the three communities of practice. The research identified six key issues for qualitative data reuse and big social research: context, data quality and trustworthiness, data comparability, informed consent, privacy and confidentiality, and intellectual property and data ownership. I also identified five additional themes: domain differences, strategies for responsible practice, data curation issues, human subjects vs. content, and different focuses and approaches. Connecting these three communities of practice can support a broader understanding of the key issues and lead to more responsible research practices. Data curators have the skills and perspectives to translate between communities of practice and provide guidance for responsible qualitative data reuse and big social data

Intellectual Property, Mātauranga Māori

This literature review has been conducted to consider the various national legislation and international agreements that comprise New Zealand’s Intellectual Property Rights (IP) regime. It will evaluate if and how such legislation and agreements protect and enable Māori IP rights and interests with respect to Māori data, genomic data and mātauranga Māori. The review also identifies some mechanisms that might also enhance Māori control of these types of data. The Westminster approach of legislation in New Zealand and its approach to IP protection based on Copyrights, Patents and Trade Marks are juxtaposed against traditional Maori approaches of communally held ancestral knowledge (mātauranga) passed down through generations (whanaungatanga) based on guardianship and protection (kaitiakitanga) and the self-determination of use of such knowledge (rangatiratanga). Attempting to align tikanga concepts to the Westmionster model of law is challenging as the two share completely different notions of ownership and responsibility. Expectations of protection, to prevent misappropriation and commercialisation by non- Māori of mātauranga Māori and Māori data, extend beyond the parameters of existing IP law, creates a similar disjunct. Genomic Research generates data, some of which can be protected by IP, however researchers working with genetic/genomic data from taonga species have often failed to acknowledge the non-IP interests of Maori. As a result, Maori have taken it upon themselves to advocate for their rights to data through Māori data sovereignty discourse as well as create guidelines for culturally appropriate genomic research with explicit references to data security and management (e.g. Te Mata Ira, Te Nohonga Kaitiaki). Other extra-legal options, such as Biocultural Labelling to alert users where particular data has Māori rights and/or interests, are emerging to maintain create durable provenance data and connect next users of data with the responsible Indigenous communities. Though the intellectual property regime in New Zealand may provide some protections, there are still significant areas where the legal system does not provide sufficient protections for Māori data, taonga species and mātauranga. The UN Declaration on the Rights of Indigenous Peoples provides a framework of international support for Indigenous rights, but local government and other home-grown mechanisms are important to enable Māori governance of data. Local approaches Māori Data Sovereignty and Māori Data Governance afford Maori the opportunity to be directly involved as kaitiaki of their mātauranga and assert rangatiratanga over data and its use

Foundations of Security Analysis and Design III, FOSAD 2004/2005- Tutorial Lectures

he increasing relevance of security to real-life applications, such as electronic commerce and Internet banking, is attested by the fast-growing number of research groups, events, conferences, and summer schools that address the study of foundations for the analysis and the design of security aspects. This book presents thoroughly revised versions of eight tutorial lectures given by leading researchers during two International Schools on Foundations of Security Analysis and Design, FOSAD 2004/2005, held in Bertinoro, Italy, in September 2004 and September 2005. The lectures are devoted to: Justifying a Dolev-Yao Model under Active Attacks, Model-based Security Engineering with UML, Physical Security and Side-Channel Attacks, Static Analysis of Authentication, Formal Methods for Smartcard Security, Privacy-Preserving Database Systems, Intrusion Detection, Security and Trust Requirements Engineering