Copy of Copy of Untitled.png
iown-in-light

Cyber Event Self-Reporting (CESR) Collab

The Cyber Event Self-Reporting (CESR) Collab is an iOWN community project that has been created by our members in order to test the impact of highly-granular data ownership controls on the self-reporting and sharing of data incident and data breach information.

PROJECT BACKGROUND

As the social and economic impacts of data exposure become more fully understood, there is an increasing recognition that more effective self-reporting and collaboration on data incident and data breach information is required.

Survey: Nearly 3 in 4 Organizations Suffered Data Breaches Due to Phishing

Biden signs an executive order aimed at protecting critical American infrastructure from cyberattacks.

US Senate mulling bill on data breach notifications

New Connecticut breach notification requirements and cybersecurity safe harbor effective October 2021

However, despite the growing problems, there are currently few public systems that enable organizations to capture cyber incident data easily or share it securely across organizations and sectors.

The CESR project team welcomes input and advice from cyber security, consumer protection, and trade organizations. 

PROJECT GOAL

The goal of the CESR project is to build a prototype system that includes features that simplify data entry and build trust. These are necessary to improve the frequency and speed of self-reporting and increase the willingness to share data for the creation of new cyber defense solutions.

  • Simplified data entry / data automation

  • User credential verification

  • Granular data access controls

  • Anonymity (organizational)

  • Zero-Copy Integration for building new solutions:

    • Internal use cases

    • Cross-organizational use cases (preserving anonymity)

  • Data deletion/the right to be forgotten

  • Precision auditability of data usage

PROJECT OBSERVERS

SAMPLE SOLUTIONS

The project will aim to build samples of the types of systems and actionable intelligence that would result from collaboration on anonymized incident data.

Alert Systems
desktop.png
Pattern Analysis
data browser_2x.png
Consumer Tools
apps.png
chatbot.png

UNIVERSAL ACCESS CONTROLS

The CESR Collab will test the impact of owner-defined, universally-enforced data access controls.
VIEW, ADD, EDIT
CUSTODIANSHIP
Data owners are able to control which internal users and groups can view, add, or edit their data at the level of table, row, column, or even down to the individual cell of a given record.
QUERY
Data owners can grant/revoke query access to their de-identified data to enable 3rd parties for build new solutions. No copies of data are generated in this process and all access controls are retained.
Data owners can assign temporary "control of the controls" to internal users or groups in order to assist in data incident reporting and data collaboration. This custodianship can be revoked at any time.
DELETION
A benefit of the 'Zero-Copy Integration' environment is that data owners are able to fulsomely delete their information at any time, giving them a true right to be forgotten with no copies left unaacounted.

PROJECT METHODOLOGY

  1. Formulate question 
  2. Conduct research
  3. Formulate hypothesis
  4. Make prediction
  5. Design experiment
  6. Evaluate results
  7. Report results

GET INVOLVED

The iOWN Initiative is free to join and we welcome data privacy, data protection, data law, data compliance, UX, IT, and PET professionals to join us in support of meaningful data ownership and inclusive data collaboration.