🌙

评估网络安全中的事件报告:从威胁检测到政策学习

Evaluating incident reporting in cybersecurity. From threat detection to policy learning

Government Information Quarterly · 2024
被引 12
ABS 3

中文导读

本文基于现实主义综合和过程追踪方法,评估了网络安全事件报告在威胁检测和政策学习中的双重作用,发现其作为火警有效但政策学习效果有限,并提出了改进建议。

Abstract

The escalating threat of cyber risks has propelled cybersecurity policy to the forefront of governmental agendas worldwide. Incident reporting, a cornerstone of cybersecurity legislation, may facilitate swift responses to cyberattacks and foster a learning process for policy enhancement. Despite its widespread adoption, there are no analyses on its efficacy, implementation, and avenues for improvement. This article provides a theory-based evaluation of incident reporting using the methods of realist synthesis and process tracing. We develop a program theory of incident reporting hypothesizing its dual role as a fire alarm and a catalyst for policy learning. The program theory is tested by drawing upon a range of literature and official documents, supplemented by insights from the Italian context through interviews with key informants. The evaluation reveals mixed findings. While incident reporting effectively serves as a fire alarm, particularly for organizations with limited cybersecurity capacity, challenges persist due to capacity gaps and a reluctance to report incidents. The link between incident reporting and policy learning remains tenuous, with evidence of inertia hindering the implementation of more radical changes. Policy recommendations include streamlining internal communications, combining rapid and in-depth reporting, fostering data-sharing agreements, ensuring dedicated communication of lessons from central cyber actors, and streamlining organizational procedures for implementing changes.

网络安全公共政策风险管理组织学习