Sharing Cyber Security Information : Good Practice Stemming from the Dutch Public-Private-Participation Approach
book
The failure of a national critical infrastructure may seriously impact the health and well-being of citizens, the economy, the environment, and the functioning of the government. Moreover, critical infrastructures increasingly depend on information and communication technologies (ICT) or, in short, cyber. Cyber security and resilience are therefore seen as increasingly important governance topics and major challenges for today’s societies, as the threat landscape is continuously changing. Sharing cyber security related information between organisations – in a critical sector, cross-sector, nationally and internationally – is widely perceived as an effective measure in support of managing the cyber security challenges of organisations. Information sharing, however, is not an easy topic. It comes with many facets. For example, information sharing spans strategic, tactical, operational and technical levels; spans all phases of the cyber incident response cycle (proactive, pre-emption, prevention, preparation, incident response, recovery, aftercare/ follow up); is highly dynamic; crosses the boundary of public and private domains; and concerns sensitive information which can be potentially harmful for one organisation on the one hand, while being very useful to others. This Good Practice on information sharing discusses many of these facets. Its aim is to assist you as public and private policy-makers, middle management, researchers, and cyber security practitioners, and to steer you away from pitfalls. Reflect on the earlier lessons identified to find your own effective and efficient arrangements for information sharing which fit your specific situation.
TNO Identifier
523890
Publisher
TNO
Collation
66 p.
Place of publication
Den Haag