Enhancing Resilience Through Cyber Incident Data Sharing and Analysis: Establishing Community-Relevant Data Categories in Support of a Cyber Incident Data Repository
"The Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD) has continued to facilitate discussions on the concept of a trusted cyber incident data repository among insurers, chief information security officers (CISOs), and other cybersecurity professionals within the framework of the Cyber Incident Data and Analysis Working Group (CIDAWG). After ascertaining the benefits of such a repository, captured in the recently published white paper titled, 'Enhancing Resilience Through Cyber Incident Data Sharing and Analysis: the Value Proposition for a Cyber Incident Data Repository,' the group identified a set of cyber incident data categories that could help deliver those benefits. Over the course of two months, the CIDAWG participants identified, developed, evaluated and consolidated nearly 30 candidate data categories into a concise list of 16, which notionally would form the basis of a future repository development effort. This paper outlines each of those data categories that, if anonymously shared into a repository, could be used to perform trend and other analyses by enterprise risk owners and insurers. Such repository-supported analyses, conducted in strict accordance with all applicable legal and privacy requirements, could help both private and public sector organizations better assess cyber risks, identify effective controls, and improve their cyber risk management practices."
subject matter experts who could help develop and implement those approaches. The identified obstacles focus primarily on assured privacy and anonymization, data security, and technical design challenges. Approaches to address these issues involve process and communications strategies and technical best practices that should inform any future repository implementation.
This latter category includes effective input mechanisms for sharing cyber incident data into a repository -- specifically, mechanisms that are easy to use, consistent with all applicable privacy and anonymization mandates, and relevant to stakeholders who will both contribute to the repository and utilize aggregated repository data for cyber risk analysis."
United States Department of Homeland Security: http://www.dhs.gov/