NCCIC Cyber Incident Scoring System   [open pdf - 262KB]

Alternate Title: National Cybersecurity and Communications Integration Center Cyber Incident Scoring System

From the Document: "Many incident taxonomies and classification schemes provide excellent guidance within the scope of a single enterprise's security operations center (SOC). However, such systems do not address incident prioritization or risk assessment from a nationwide perspective, which may involve large numbers of diverse enterprises. Large-scale, national cybersecurity operations centers like the National Cybersecurity and Communications Integration Center (NCCIC) under the Department of Homeland Security (DHS) need to assess risk while accommodating a diverse set of private critical infrastructure asset owners and operators and U.S. Government departments and agencies. The NCCIC Cyber Incident Scoring System (NCISS) is designed to provide a repeatable and consistent mechanism for estimating the risk of an incident in this context."