Carnegie Mellon University
file.pdf (954.28 kB)

Towards a Privacy Management Framework for Distributed Cybersecurity in the New Data Ecology

Download (954.28 kB)
journal contribution
posted on 2011-11-01, 00:00 authored by Travis BreauxTravis Breaux, Catherine B. Lotrionte

Cyber security increasingly depends on advance notice of emerging threats as individuals, groups or nations attempt to exfiltrate information or disrupt systems and services. Advance notice relies on having access to the right information at the right time. This information includes trace digital evidence, distributed across public and private networks that are governed by various privacy policies, inter-agency agreements, federal and state laws and international treaties. To enable rapid and assured information sharing that protects privacy, the US government needs a means to balance privacy with the need to share. In this paper, we review US laws and policies governing government surveillance and describe key elements for a privacy management framework that seeks to enable government investigations while protecting privacy in a systematic way. The framework aligns existing Federal investigative guidelines for attributing a cyberattack with concerns for automated decision making that arise from the Fourth Amendment “reasonable expectation of privacy” and several fair information practice principles. We discuss technical challenges for those seeking to implement this framework.


Publisher Statement

© 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.



Usage metrics


    Ref. manager