Incident capture and analytics

Good Practices

Improving the ability to document cyber security incidents and perform analysis on root causes and effects bolsters security in cyberspace.

Comprehensive incident documentation and analysis yields a deep insight into key drivers of incidents and the effectiveness of counter-measures. Enhancing nations understanding of the threat landscape, its origins, history and causal links with (previous) incidents can improve existing prevention, response and mitigation procedures.

Global information sharing on practices and subject-matter expertise (e.g. the ability to document cyber security incidents, log relevant data, support with methodologies and tools, perform analysis on root causes and effects) contributes to the development of more evidence-based cyber security strategies and the alignment of (inter)national response.