Cyber Event Self-Reporting (CESR)
The Cyber Event Self-Reporting (CESR) project is a DCA community project that has been created to test the impact of highly-granular data ownership controls on the self-reporting and sharing of data incident information.
As the social and economic impact of data over-exposure become more fully understood, there is an increasing recognition that more effective self-reporting and collaboration on incident data is required in order to mitigate the negative consequences for citizens and organizations.
However, there are currently few public systems that enable organizations to quickly capture and securely collaborate on their cyber incident data.
Survey: Nearly 3 in 4 Organizations Suffered Data Breaches Due to Phishing
Data breaches cost surveyed companies $4.24 million per incident on average; highest in 17-year report history
Biden signs an executive order aimed at protecting critical American infrastructure from cyberattacks.
US Senate mulling bill on data breach notifications
New Connecticut breach notification requirements and cybersecurity safe harbor effective October 2021
The goal of this research project is to design a Cyber Event Self-Reporting System (CESR) prototype that simplifies data management, protects anonymity, and offers granular access controls all within a Zero-Copy Integration data management environment.
The prototype will be shared with a test group of cyber reporting stakeholders to determine its potential to support more frequent reporting, faster reporting times, and increased collaboration with data.
Simplified data entry / data automation
User credential verification
Granular and universal access controls
Zero-Copy Integration for building new solutions:
Internal use cases
Cross-organizational use cases (preserving anonymity)
Data deletion/the right to be forgotten
Precision auditability of data usage reporting
The CESR project team invites input and advice from cyber security, consumer protection, and trade organizations.
The project will identify the types of systems and actionable intelligence that would result from collaboration on anonymized incident data.
UNIVERSAL ACCESS CONTROLS
The CESR Collab will test the impact of owner-defined, universally-enforced data access controls.
VIEW, ADD, EDIT
Data owners are able to control which internal users and groups can view, add, or edit their data at the level of table, row, column, or even down to the individual cell of a given record.
Data owners can grant/revoke query access to their de-identified data to enable 3rd parties for build new solutions. No copies of data are generated in this process and all access controls are retained.
Data owners can assign temporary "control of the controls" to internal users or groups in order to assist in data incident reporting and data collaboration. This custodianship can be revoked at any time.
A benefit of the 'Zero-Copy Integration' environment is that data owners are able to fulsomely delete their information at any time, giving them a true right to be forgotten with no copies left unaacounted.
The DCA community is free to join and we welcome data privacy, data protection, data law, data compliance, UX, IT, and tech startup professionals to join us in support of meaningful data ownership and global Collaborative Intelligence.