We need a global standard for reporting cyber attacks

An interesting Harvard Business Review article that sets out the benefits of reporting cyber attacks and sharing information about them.

Information is power and, in cybersecurity, it’s the power to prevent other similar events. If a breach occurs in one organization, we can be reasonably confident that the same malicious tactic will be used on another organization in the near future. If the data about that first known breach is made available, other organizations can prepare themselves and ensure that the same vulnerability is not used against them. Shared knowledge also allows regulators and law enforcement to objectively manage incentives to guide corporate cybersecurity governance, data gathering, and information sharing.

HBR article, November 6, 2019

We Need a Global Standard for Reporting Cyber Attacks

Executive Summary The main reason we have so much trouble managing cyber risk is that we don’t have a standard way of measuring it or a secure means for sharing vital information. Cyber threats are a seemingly impossible challenge. By their very nature – fast-changing, borderless, asymmetric – they’re ridiculously difficult to predict and manage.

This should be read alongside the initiative under consideration in Switzerland to make cyber incident reporting mandatory.

Cyber incidents: Bern refines its strategy

Reporting of cyber incidents that affect the security of critical infrastructure could become mandatory. On Friday, the Federal Council adopted a report on the subject and issued mandates to examine the question in greater depth by the end of 2020. Switzerland has no general obligation to report cyber incidents.
