SIIM Roadmap

Step 3. Context analysis of patterns and trends

7. Record incident
8. Access external incident information
9. Share incident data externally
10. Analyse multiple incident data

Organisations can gain further insight into a particular security incident from information/data supplied by other organisations. This information can be obtained either directly through forums or through pooled databases. However, other organisations might use different ways of categorising incidents, making it challenging to analyse shared data. Therefore, it is important to first understand the incident categorisation systems of organisations using different approaches to security incident management. Examples of external incident data-sharing resources include:


Learn more

Consult SIIM Handbook, pages 21, 33, 47, 51 & 52:
Chapter 2, Objective one – Immediate response: 1.4 Communication & Objective three – Understanding the operational context, 3.2 External sharing of incident information & 3.3 Forums for sharing security incident information.