DOI

The detection and handling of data leakages is becoming a critical issue for organizations. To this end, data leakage solutions are usually employed by organizations to monitor network traffic and the use of portable storage devices. However, these solutions often produce a large number of alerts, whose analysis is time-consuming and costly for organizations. To effectively handle leakage incidents, organizations should be able to focus on the most severe incidents. Therefore, alerts need to be analyzed and prioritized with respect to their severity. This work presents a novel approach for the quantification of data leakages based on their severity. The approach quantifies the severity of leakages with respect to the amount and sensitivity of the leaked information as well as the ability to re-identify the data subjects of the leaked information. To specify and reason on data sensitivity in an application domain, we propose a data model representing the knowledge within the domain. We validate our quantification approach by analyzing data leakages within a healthcare environment. Moreover, we demonstrate that the data model allows for a more accurate characterization of data sensitivity while reducing the efforts for its specification.

Original languageEnglish
Pages (from-to)321-345
Number of pages25
JournalJournal of Computer Security
Volume24
Issue number3
DOIs
StatePublished - 1 Jun 2016

    Research areas

  • alert visualization, Data leakage detection, data leakage quantification, data sensitivity model, severity metrics

ID: 32863973