SIIM Roadmap

Step 3. Context analysis of patterns and trends


Access external incident information



Organisations can benefit from comparing their incident trends with those of similar organisations. The information obtained from other organisations is known as external incident information, and can be used to support an organisation’s analysis of the incident(s) it has experienced. This information can be obtained from open sources or through subscriptions with commercial providers or incident data-sharing agreements. Organisations should take the following issues into account when analysing external incident information:

  • They should consider the reliability of the source of the information: Does the source (i.e. the organisation from which the information is obtained) have a history of authenticity, trustworthiness and competence?
  • They should consider the validity of the information: Is the information consistent with other relevant data and confirmed by independent sources?

Learn more

Consult SIIM Handbook, pages 47, 52 & 53:
Chapter 2, Objective three – Understanding the operational context: 3.3 Forums for sharing security incident information & 3.4 External contextual trend analysis resources.