Best Practices and Recommendations for Cybersecurity Service Providers


Kirichenko, Alexey; Christen, Markus; Grunow, Florian; Herrmann, Dominik (2020). Best Practices and Recommendations for Cybersecurity Service Providers. In: Christen, Markus; Gordijn, Bert; Loi, Michele. The Ethics of Cybersecurity. Cham: Springer, 299-316.

Abstract

This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing. Based on a brief outline of dilemmas that cybersecurity service providers may experience in their daily operations, it discusses data handling policies and practices of cybersecurity vendors along the following five topics: customer data handling; information about breaches; threat intelligence; vulnerability-related information; and data involved when collaborating with peers, CERTs, cybersecurity research groups, etc. There is, furthermore, a discussion of specific issues of penetration testing such as customer recruitment and execution as well as the supervision and governance of penetration testing. The chapter closes with some general recommendations regarding improving the ethical decision-making procedures of private cybersecurity service providers.

Statistics

Downloads

18 downloads since deposited on 31 Mar 2022
7 downloads in the past 12 months
Additional indexing

Item Type: Book Section, refereed, original work
Communities & Collections:
  • 04 Faculty of Medicine > Institute of Biomedical Ethics and History of Medicine
  • 08 Research Priority Programs > Digital Society Initiative
Dewey Decimal Classification: 610 Medicine & health
Scopus Subject Areas:
  • Physical Sciences > Biomedical Engineering
  • Physical Sciences > Information Systems
  • Social Sciences & Humanities > Public Administration
  • Social Sciences & Humanities > Safety Research
Language: English
Date: 2020
Deposited On: 31 Mar 2022 10:53
Last Modified: 10 Jun 2024 03:35
Publisher: Springer
ISBN: 978-3-030-29052-8
OA Status: Hybrid
Free access at: Publisher DOI. An embargo period may apply.
Publisher DOI: https://doi.org/10.1007/978-3-030-29053-5_15
  • Content: Published Version
  • Licence: Creative Commons: Attribution 4.0 International (CC BY 4.0)