Digital security awareness and resilience is one of the highest-priority items on all agendas. However, the lack of data captured using a common language – understandable by different disciplines within and across organisations – presents a significant challenge in forming a holistic view of an organisation’s digital resilience.
Following the concept paper published in 2016, this new paper sets out the findings of a trial performed by the CRO Forum within its membership, supported by ORX and ORIC International. The trial assessed whether the taxonomy developed by the CRO Forum in 2016 could produce empirical descriptions of digital events that can be accumulated internally to provide insight on the effects of digital events, and shared externally to enable benchmarking and greater understanding of relative digital resilience.
The paper explores how the taxonomy evolved during the trial and how it can be evolved further by incorporating other taxonomies (particularly STIX and VERIS), as a way of improving recognition of terms across specialisms, fitting with existing processes to capture events, and increasing the value of data captured for different stakeholders. It also addresses some of the challenges around establishing a common language for digital event data.
The CRO Forum taxonomy is presented as a tool that can support improved digital resilience. The CRO Forum fully supports the ongoing dialogue on a common language and standard that encourages sharing of digital event data and their effects to enable better understanding of the implications of increasing digital dependency. Please contact the CRO Forum Office if you have any questions relating to this publication, or if you wish to get in contact with members of the project group that helped to develop the taxonomy and to prepare the trial and paper.