The one-sentence description we give for the Cyentia Institute’s primary goal is to advance cybersecurity knowledge and practice through data-driven research. One way we we’re doing this is through commissioned and collaborative research projects like the Cyber Balance Sheet report we recently released in cooperation with Focal Point Data Risk. Another way we’re pursuing that goal is by curating existing industry knowledge to make it more accessible and useful for the community. We haven’t shared much about how we’re proposing to do that, but that changes today with the unveiling of the Cyentia Library.
What is the Cyentia Library? Think of it as a gateway to finding relevant cybersecurity research content in way that’s quicker and smarter than googling the entire Web. We’ve collected about 275 industry reports from the last few years and categorized and tagged them using an approach we hope makes the content more meaningful to folks in our industry.
For example, say you’re looking for reports focusing on the consequences of security incidents. Head to the Cyentia Library, and start with the “Impact and Loss” topic. Want to refine that down to losses in the form of business disruptions, lost sales, and productivity impacts? Great; use the “Loss Forms” subtopic or, even better, the “Productivity Losses” tag. You’ll be presented with a list of reports that contain such information. And since categories, topics, and tags are ordered by relative prominence in each report, you’ll be able to discern which ones casually touch on what you’re looking for vs. those that provide more focused/thorough treatment.
We got this idea when trying to find published research to support our own projects. Googling different search terms is pretty hit and miss and you get a wide range of sources. To deal with that more efficiently, we grabbed several dozen common vendor reports and used that as the corpus for our literature review. We found it quite useful and decided to expand and release it as a free resource to the community. In return, we’re hoping you’ll a) use it, and b) help us keep it updated. 275 reports might sound like a lot but we’re certain there’s a bunch out there we’ve missed and new ones come out everyday. We plan to expand the library beyond industry reports in the future, so if there are other types of content you’d like to see added, please let us know.
The content categorization framework we’ve employed is of our own development, but you’ll see that we’ve borrowed heavily from existing things VERIS, FAIR, and the CIS Controls. So check out the library and explore around. We’d love to hear your thoughts and suggestions.