It's not easy to do on Cloud, as you have to set the security level to something that includes "reporter" which means playing with automatically setting it.
It's easier on server because you can set "reporter browse" permission and limit browse to the reporter that way.
Anyway, you've got most of the way there simply because you have mentioned issue security. First, get the project permissions right - that is quite simple - grant "browse" to anyone who should see any part of the project (ignore assignee/reporter stuff)
Now set up a simple security scheme. It needs one single level (obviously you can add more, I'm keeping it simple), set to allow "reporter, assignee", and anyone else who should be able to see it without being one of them. The tricky part is that I don't know how to forcibly set such a level on an issue with a post-function - I've used Script Runner on server to do it, but I don't know about Cloud, or if Cloud has functions available for it natively.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.