On April 19-20, 2016, the National Protection and Programs Directorate (NPPD) hosted a workshop to discuss the value and the feasibility of a cyber incident data and analysis repository. The workshop built on the work the CIDAWG has accomplished thus far and focused on the execution of the repository.
Goals:
1. Share the findings of the Cyber Incident Data and Analysis Working Group (CIDAWG), which is comprised of cybersecurity professionals from various critical infrastructure sectors, insurance companies, and other private sector organizations on the:
- Value proposition of a cyber incident data and analysis repository;
- Cyber incident data points that could be shared into a repository to support needed analysis; and
- Perceived challenges to sharing data into the repository and overcoming those challenges.
These findings can be found on Cyber Incident Data and Analysis Working Group White Papers.
2. Validate the feasibility of/ and solicit support for a CIDAR from the broad cybersecurity community - Receive input on how cyber incident data points shared into the repository should be prioritized, operationalized and automated and how the repository should be executed.
3. Receive input on voluntary information sharing approaches, models and best practices that could inform any future repository implementation.
Background:
Since 2012, NPPD has been engaging infrastructure owners and operators, insurers, chief information security officers (CISOs), risk managers, academia and others to examine the state of the cybersecurity insurance market and how to best advance its capacity to incentivize better cyber risk management. NPPD has been seeking input from stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates. NPPD is currently facilitating a dialog about how a cyber incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.
Details:
Audience: Information Security Management Experts from Industry, Government, and Academia
Format: Workshop
Workshop Materials: Workshop Materials
Registration Contact: Beatrix Boyens
Background Information: Visit the NPPD Cybersecurity Insurance reports page.