Economie de l'Internet

Security and privacy indicators

 

Return to > Information security and privacy

Short address for this page:
http://oe.cd/security-indicators

 Improving the
international comparability of
CSIRT statistics

Download the report on
"Measuring the evidence base
for security and privacy
"
© Thinkstock

Better policies in the area of information security and privacy should be based on evidence. However, the collection of quantitative data and the development of robust statistical indicators related to trust is extremely challenging.

In 2012, the OECD released a  report exploring the potential for the development of better indicators to inform the policy making process in the areas of security and privacy risk management, as well as the protection of children online. The work shows that there is an underexploited wealth of empirical data that, if mined and made comparable, will enrich the current evidence base for policy making.

Building on the findings of this report, the OECD is running a project with the community of Computer Security Incident Response Teams (CSIRTs) to enhance the international comparability of the statistics they generate with a view to better inform the “cybersecurity” policy making process.

Aim

CSIRTs generate statistics based on their daily activities: issuing alerts and warnings, handling incidents, etc.. However such statistics are generally not internationally comparable. CSIRTs also collect data or potentially have access to data that could be used to generate statistics on other relevant phenomena if appropriate guidance was available. This project seeks to understand these challenges and identify how to overcome them.

The aim is to deliver a statistical guide or manual that CSIRTs could follow to ensure quality and international comparability of their statistics. It would include guidance on taxonomy, granularity, frequency and the format of these statistics as well as on the creation of statistical indicators for supporting policy making.

The project involves a joint effort of communities in three complementary areas of expertise:

  • Computer emergency and incident response: the CSIRT community is a key partner to the project;
  • Cybersecurity risk policy making: the project was initiated at OECD Committee on Digital Economy Policy (CDEP) Working Party on Security and Privacy in the Digital Economy (SPDE) and the APEC Telecommunications and Information Working Group, Security and Prosperity Steering Group (APEC TEL SPSG) has agreed to participate.
  • Internationally comparable statistics for better policies: the OECD is the international forum for developing internationally recognised statistical guides and manuals. Examples in other areas include the OECD Guide to Measuring the Information Society, the OECD Patent Statistics Manual, the OECD Oslo Manual (on measuring innovation), and the OECD Frascati Manual (on measuring research and development).

Methodology

The work with CSIRTs is being undertaken in two phases:

  • The first phase aimed to understand the specific challenges and opportunities related to CSIRT statistics. This includes understanding how CSIRTs work and the impact on the generation of data and statistics, as well as the use of standards for the classification of incidents and other aspects of their daily routines. The OECD worked with CSIRT experts and discussed the project at various international CSIRT events during this phase. An expert working meeting took place in August 2013.
  • The second phase aims to develop a statistical guide or manual to facilitate the production of internationally comparable CSIRT statistical indicators. It includes a feasibility study to test the statistical indicators drafted in the first phase.

Other OECD work on security and privacy measurement

See:

For more information

Please contact laurent dot bernat at oecd dot org.

 

 

 

Also Available

Countries list

  • Afghanistan
  • Afrique du Sud
  • Albanie
  • Algérie
  • Allemagne
  • Andorre
  • Angola
  • Anguilla
  • Antigua-et-Barbuda
  • Antilles Néerlandaises
  • Arabie Saoudite
  • Argentine
  • Arménie
  • Aruba
  • Australie
  • Autorité Nationale Palestinienne
  • Autriche
  • Azerbaïdjan
  • Bahamas
  • Bahreïn
  • Bangladesh
  • Barbade
  • Belgique
  • Belize
  • Bermudes
  • Bhoutan
  • Bolivie
  • Bosnie-Herzégovine
  • Botswana
  • Brunéi Darussalam
  • Brésil
  • Bulgarie
  • Burkina Faso
  • Burundi
  • Bélarus
  • Bénin
  • Cambodge
  • Cameroun
  • Canada
  • Cap-Vert
  • Caïmanes, Îles
  • Centrafricaine, République
  • Chili
  • Chine (République populaire de)
  • Chypre
  • Colombie
  • Comores
  • Congo, La République Démocratique du
  • Corée
  • Corée, République Populaire Démocratique de
  • Costa Rica
  • Croatie
  • Cuba
  • Côte D'ivoire
  • Danemark
  • Djibouti
  • Dominicaine, République
  • Dominique
  • Egypte
  • El Salvador
  • Emirats Arabes Unis
  • Equateur
  • Erythrée
  • Espagne
  • Estonie
  • Etats Fédérés de Micronésie
  • Etats-Unis
  • Ethiopie
  • ex-République yougouslave de Macédoine (ERYM)
  • Fidji
  • Finlande
  • France
  • Gabon
  • Gambie
  • Ghana
  • Gibraltar
  • Grenade
  • Groenland
  • Grèce
  • Guatemala
  • Guernesey
  • Guinée Équatoriale
  • Guinée-Bissau
  • Guinéee
  • Guyana
  • Guyane Française
  • Géorgie
  • Haïti
  • Honduras
  • Hong Kong, Chine
  • Hongrie
  • Ile de Man
  • Ile Maurice
  • Iles Cook
  • Iles Féroé
  • Iles Marshall
  • Iles Vierges Britanniques
  • Iles Vierges des États-Unis
  • Inde
  • Indonésie
  • Iraq
  • Irlande
  • Islande
  • Israël
  • Italie
  • Jamaïque
  • Japon
  • Jersey
  • Jordanie
  • Kazakstan
  • Kenya
  • Kirghizistan
  • Kiribati
  • Koweït
  • l'Union européenne
  • Lao, République Démocratique Populaire
  • le Taipei chinois
  • Lesotho
  • Lettonie
  • Liban
  • Libye
  • Libéria
  • Liechtenstein
  • Lituanie
  • Luxembourg
  • Macao
  • Madagascar
  • Malaisie
  • Malawi
  • Maldives
  • Mali
  • Malte
  • Maroc
  • Mauritanie
  • Mayotte
  • Mexique
  • Moldova
  • Monaco
  • Mongolie
  • Montserrat
  • Monténégro
  • Mozambique
  • Myanmar
  • Namibie
  • Nauru
  • Nicaragua
  • Niger
  • Nigéria
  • Nioué
  • Norvège
  • Nouvelle-Zélande
  • Népal
  • Oman
  • Ouganda
  • Ouzbékistan
  • Pakistan
  • Palaos
  • Panama
  • Papouasie-Nouvelle-Guinée
  • Paraguay
  • Pays-Bas
  • Philippines
  • Pologne
  • Porto Rico
  • Portugal
  • Pérou
  • Qatar
  • Roumanie
  • Royaume-Uni
  • Russie, Fédération de
  • Rwanda
  • République du Congo
  • République Islamique d' Iran
  • République Tchèque
  • Sahara Occidental
  • Saint-Kitts-et-Nevis
  • Saint-Marin
  • Saint-Vincent-et-les Grenadines
  • Sainte-Hélène
  • Sainte-Lucie
  • Salomon, Îles
  • Samoa
  • Sao Tomé-et-Principe
  • Serbie
  • Serbie et Monténégro (avant juin 2006)
  • Seychelles
  • Sierra Leone
  • Singapour
  • Slovaquie
  • Slovénie
  • Somalie
  • Soudan
  • Soudan du Sud
  • Sri Lanka
  • Suisse
  • Suriname
  • Suède
  • Swaziland
  • Syrienne, République Arabe
  • Sénégal
  • Tadjikistan
  • Tanzanie
  • Tchad
  • Thaïlande
  • Timor-Leste (Timor Oriental)
  • Togo
  • Tokelau
  • Tonga
  • Trinité-et-Tobago
  • Tunisie
  • Turkménistan
  • Turks et Caïques, Îles
  • Turquie
  • Tuvalu
  • Ukraine
  • Uruguay
  • Vanuatu
  • Venezuela
  • Viêt Nam
  • Wallis et Futuna
  • Yémen
  • Zambie
  • Zimbabwe
  • Topics list