Short address to this page:
Computer security incident response teams (CSIRTs) generate statistics based on their daily activities: issuing alerts and warnings, handling incidents, etc. However, such statistics are generally not internationally comparable.
Between 2013 and 2015, the OECD worked with the CSIRT community to explore how to improve the international comparability of the statistics they produce. The outcome is a Guidance document that they can use to develop more comparable statistics. It should be considered as a first step in this area.
Better policies in the area of information security and privacy should be based on evidence. However, the collection of quantitative data and the development of robust statistical indicators related to trust is extremely challenging.
In 2012, the OECD released a report exploring the potential for the development of better indicators to inform the policy making process in the areas of security and privacy risk management, as well as the protection of children online. The work shows that there is an underexploited wealth of empirical data that, if mined and made comparable, will enrich the current evidence base for policy making.
Please contact firstname.lastname@example.org