Cyber Event Self-Reporting (CESR) Collab
The Cyber Event Self-Reporting (CESR) Collab is an iOWN community project that has been created by our members in order to test the impact of highly-granular data ownership controls on the self-reporting and sharing of data incident and data breach information.
As the social and economic impacts of data exposure become more fully understood, there is an increasing recognition that more effective self-reporting and collaboration on data incident and data breach information is required.
Survey: Nearly 3 in 4 Organizations Suffered Data Breaches Due to Phishing
Biden signs an executive order aimed at protecting critical American infrastructure from cyberattacks.
US Senate mulling bill on data breach notifications
New Connecticut breach notification requirements and cybersecurity safe harbor effective October 2021
However, despite the growing problems, there are currently few public systems that enable organizations to capture cyber incident data easily or share it securely across organizations and sectors.
The CESR project team welcomes input and advice from cyber security, consumer protection, and trade organizations.
The goal of the CESR project is to build a prototype system that includes features that simplify data entry and build trust. These are necessary to improve the frequency and speed of self-reporting and increase the willingness to share data for the creation of new cyber defense solutions.
Simplified data entry / data automation
User credential verification
Granular data access controls
Zero-Copy Integration for building new solutions:
Internal use cases
Cross-organizational use cases (preserving anonymity)
Data deletion/the right to be forgotten
Precision auditability of data usage
The project will aim to build samples of the types of systems and actionable intelligence that would result from collaboration on anonymized incident data.
UNIVERSAL ACCESS CONTROLS
The CESR Collab will test the impact of owner-defined, universally-enforced data access controls.
VIEW, ADD, EDIT
Data owners are able to control which internal users and groups can view, add, or edit their data at the level of table, row, column, or even down to the individual cell of a given record.
Data owners can grant/revoke query access to their de-identified data to enable 3rd parties for build new solutions. No copies of data are generated in this process and all access controls are retained.
Data owners can assign temporary "control of the controls" to internal users or groups in order to assist in data incident reporting and data collaboration. This custodianship can be revoked at any time.
A benefit of the 'Zero-Copy Integration' environment is that data owners are able to fulsomely delete their information at any time, giving them a true right to be forgotten with no copies left unaacounted.
The iOWN Initiative is free to join and we welcome data privacy, data protection, data law, data compliance, UX, IT, and PET professionals to join us in support of meaningful data ownership and inclusive data collaboration.