Note to the Data People: Give us Some Raw InfoSec Data
Posted August 24th, 2009 by rybolovWe have all these data wonks running around now in the information security field thanks to a couple of people (Jaquith, Shostack, Stewart, and our friends at Verizon Business) who brought us some books and some data.
Well, earlier this year, the Government started a website called Data.gov. This is much awesomeness, Viva Las Transpareny! However, it’s missing something very relevant to my interests: information security management data.
So, I want people to go to data.gov’s “request a dataset” page and request the following:
Complete responses from the Departments and Agencies to the FISMA reporting requirements for FY2004-2009 based on OMB Memoranda 04-25, 05-15, 06-20, 07-19, 08-21, and 09-29.
Raw incident data for years 2005-2007 as reported to OMB and summarized in their report to Congress on FY2007 FISMA performance and published at http://www.whitehouse.gov/omb/inforeg/reports/2007_fisma_report.pdf
Raw incident data for years 2007 and later in any type and format similar to the Verizon Data Breach Incident Report available at http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
This information is necessary for researchers to study the effectiveness of information security management techniques and regulatory schemes and for industry to propose changes to national-level information security management frameworks and legislation such as FISMA. This information for the most part has been released in a summary format to Congress and the release of the complete dataset on data.gov would greatly aid the information security community.
It might be a fool’s errand at this point, but it doesn’t hurt to ask, and it only takes a couple of minutes to do. =)
Similar Posts:
Posted in Public Policy | 6 Comments »
Tags: datadotgov • fisma • infosharing • management • metrics • omb • security