Step 3. Context analysis of patterns and trends
Organisations can benefit from comparing their incident trends with those of similar organisations. The information obtained from other organisations is known as external incident information, and can be used to support an organisation’s analysis of the incident(s) it has experienced. This information can be obtained from open sources, through subscriptions with commercial providers, or through incident data-sharing agreements. Organisations should take the following issues into account when analysing external incident information:
- They should consider the reliability of the source of the information: Does the source (i.e. the organisation from which the information is obtained) have a history of authenticity, trustworthiness and competence?
- They should consider the validity of the information: Is the information consistent with other relevant data and confirmed by independent sources?
Consult SIIM Handbook, pages 47, 52 & 53:
Chapter 2, Objective three – Understanding the operational context: 3.3 Forums for sharing security incident information & 3.4 External contextual trend analysis resources.