Title Page
Abstract
Contents
Chapter 1. Introduction 8
1.1. Background 8
1.2. Study Purpose and Methodology Scope 10
1.3. Structure of this dissertation 11
Chapter 2. Framework of cybersecurity information sharing system--based on EU Regulation and US Legislation 13
2.1. What is cybersecurity information--based on the terminology in documentation 13
2.2. Purposes of information sharing 22
2.3. Legislation progress around the world 25
2.4. What to share 29
2.4.1. Threat information types: cyber threat indicators and defensive measures 30
2.4.2. Wider range of cybersecurity information 34
2.4.3. Internal information sources 35
2.5. Who to share with 38
2.5.1. Organizations of cybersecurity information sharing system 39
Chapter 3. Incentives and Challenges for Information Sharing 47
3.1. Incentives 47
3.1.1. Incentives which is beneficial for sharing members 48
3.1.2. Incentives which can be implemented to ensure and promote the initiative of the companies 50
3.1.3. Incentives which can evade the anxieties that might occur to the companies 51
3.2. Challenges 53
3.2.1. Disadvantages of the system 53
3.2.2. Failure of the function 55
3.2.3. Legal Barriers 56
Chapter 4. Potential problems with other laws and present solutions 58
4.1. Privacy problem 58
4.1.1. Controversial interpretation on the purpose of information sharing 59
4.1.2. Controversial definition of the shared information scope 63
4.1.3. Removal of private personal information 65
4.1.4. Limitation on liability of invasion for privacy 69
4.1.5. Notification of privacy violation in the information sharing and correspondent measures 71
4.2. Other legal concerns 75
4.2.1. Anti-trust law concern 75
4.2.2. Confidentiality of information shared 81
4.3. Conclusion 85
Chapter 5. Analysis of domestic law in China and recommendations 88
5.1. Cybersecurity law in China 88
5.2. Relevant Articles about cybersecurity information sharing 91
5.3. Recommendations 93
5.3.1. Framework establishment of cybersecurity information sharing system 93
5.3.2. Governmental administrative regime 96
5.3.3. Encouragement and assurance for function of information sharing 100
5.3.4. Oversight of government activities 102
Chapter 6. Conclusion 104
References 107