Incentives and Challenges for Information Sharing in the Context of Network and Information Security

Published In: ENISA, European Network and Information Security Agency, 2010

Posted on RAND.org on September 08, 2010

by Neil Robinson, Emma Disley

Read More

Access further information on this document at www.enisa.europa.eu

This article was published outside of RAND. The full text of the article can be found at the link above.

The importance of information sharing to ensuring network and information security is widely acknowledged by both policy-makers and by the technical and practitioner community -- for example, in the European Programme on Critical Infrastructure Protection (EPCIP) and in the 2004 Availability and Robustness of Electronic Communications Infrastructures (ARECI) study, which noted that formal means for sharing information should be set up in order to improve the protection and rapid restoration of infrastructure critical to the reliability of communications within and throughout Europe. A 2009 gap analysis conducted by ENISA of good practice in respect of telecommunication network operators identified information sharing as a set of useful best practice. Given the acknowledged importance of information sharing, this report sets out findings from a research project into the barriers to and incentives for information sharing in the field of network and information security, in the context of peer-to-peer groups such as Information Exchanges (IE) and Information Sharing Analysis Centres (ISACs).

Research conducted by

This report is part of the RAND Corporation external publication series. Many RAND studies are published in peer-reviewed scholarly journals, as chapters in commercial books, or as documents published by other organizations.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.