Towards GDPR-compliant data processing in modern SIEM systems
Menges F, Latzo T, Vielberth M, Sobola S, Pöhls HC, Taubmann B, Köstler J, Puchta A, Freiling F, Reiser HP, Pernul G (2021)
Publication Type: Journal article
Publication year: 2021
Journal
Book Volume: 103
Article Number: 102165
DOI: 10.1016/j.cose.2020.102165
Abstract
The introduction of the General Data Protection Regulation (GDPR) in Europe raises a whole series of issues and implications on the handling of corporate data. We consider the case of security-relevant data analyses in companies, such as those carried out by Security Information and Event Management (SIEM) systems. It is often argued that the processing of personal data is necessary to achieve service quality. However, at present existing systems arguably are in conflict with the GDPR since they often process personal data without taking data protection principles into account. In this work, we first examine the GDPR regarding the resulting requirements for SIEM systems. On this basis, we propose a SIEM architecture that meets the privacy requirements of the GDPR and show the effects of pseudonymization on the detectability of incidents.
Authors with CRIS profile
Tobias Latzo
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Felix Freiling
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Related research project(s)
Involved external institutions
Universität Passau
Germany (DE)
Universität Regensburg
Germany (DE)
Paluka Sobola Loibl & Partner
Germany (DE)
Germany (DE)
Universität Regensburg
Germany (DE)
Paluka Sobola Loibl & Partner
Germany (DE)
How to cite
APA:
Menges, F., Latzo, T., Vielberth, M., Sobola, S., Pöhls, H.C., Taubmann, B.,... Pernul, G. (2021). Towards GDPR-compliant data processing in modern SIEM systems. Computers & Security, 103. https://dx.doi.org/10.1016/j.cose.2020.102165
MLA:
Menges, Florian, et al. "Towards GDPR-compliant data processing in modern SIEM systems." Computers & Security 103 (2021).
BibTeX: Download