Sep, 2015
Enhancing Resilience Through Cyber Incident Data Sharing and Analysis: Establishing Community-Relevant Data Categories in Support of a Cyber Incident Data Repository
United States. Department of Homeland Security
"The Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD) has continued to facilitate discussions on the concept of a trusted cyber incident data repository among insurers, chief information security officers (CISOs) , and other cybersecurity professionals within the framework of the Cyber Incident Data and Analysis Working Group (CIDAWG). After ascertaining the benefits of such a repository, captured in the recently published white paper titled, 'Enhancing Resilience Through Cyber Incident Data Sharing and Analysis: the Value Proposition for a Cyber Incident Data Repository, ' the group identified a set of cyber incident data categories that could help deliver those benefits. Over the course of two months, the CIDAWG participants identified, developed, evaluated and consolidated nearly 30 candidate data categories into a concise list of 16, which notionally would form the basis of a future repository development effort. This paper outlines each of those data categories that, if anonymously shared into a repository, could be used to perform trend and other analyses by enterprise risk owners and insurers. Such repository-supported analyses, conducted in strict accordance with all applicable legal and privacy requirements, could help both private and public sector organizations better assess cyber risks, identify effective controls, and improve their cyber risk management practices."subject matter experts who could help develop and implement those approaches. The identified obstacles focus primarily on assured privacy and anonymization, data security, and technical design challenges. Approaches to address these issues involve process and communications strategies and technical best practices that should inform any future repository implementation. This latter category includes effective input mechanisms for sharing cyber incident data into a repository -- specifically, mechanisms that are easy to use, consistent with all applicable privacy and anonymization mandates, and relevant to stakeholders who will both contribute to the repository and utilize aggregated repository data for cyber risk analysis."
    Details
  • URL
  • Publisher
    United States. Department of Homeland Security
  • Date
    Sep, 2015
  • Copyright
    Public Domain
  • Retrieved From
    United States Department of Homeland Security: www.dhs.gov/
  • Format
    pdf
  • Media Type
    application/pdf
  • Subjects
    Infrastructure protection/Commerce
    Infrastructure protection/Computer networks
    Cyberspace and Cybersecurity

Citing HSDL Resources

Documents from the HSDL collection cannot automatically be added to citation managers (e.g. Refworks, Endnotes, etc). This HSDL abstract page contains some of the pieces you may need when citing a resource, such as the author, publisher and date information. We highly recommend you always refer to the resource itself as the most accurate source of information when citing. Here are some sources that can help with formatting citations (particularly for government documents).

Worldcat: http://www.worldcat.org/

Indiana University Guide: Citing U.S. Government Publications: http://libraries.iub.edu/guide-citing-us-government-publications
Clear examples for citing specific types of government publications in a variety of formats. It does not address citing according to specific style guides.

Naval Postgraduate School: Dudley Knox Library. Citing Styles: http://libguides.nps.edu/citation
Specific examples for citing government publications according to APA and Chicago style guides. Click on the link for your preferred style then navigate to the specific type of government publication.

Scroll to Top