Trusted Query Network (TQN)

Project Overview

Despite huge investments in information security, security losses remain a crippling problem for information systems because of poor security investment decisions. To make well-informed decisions, there is a critical need for information security risk management benchmarking, and such benchmarking data depends, of course, on the availability of industry-wide data on security breaches and losses. A fundamental reason such data is not available is that disclosure may risk reputational and financial damage.

This project takes a radically different approach to data availability: it eliminates any disclosure of company-specific data while still making aggregated results available. This is achieved using a novel concept called the Trusted Query Network (TQN). TQN can let organizations anonymously share aggregated security assessment results without storing or releasing the raw data outside the organization.

The potential use of TQN is not limited to the security arena. It can be used in any situation in which a group of organizations holds sensitive data that is valuable for generating metrics and benchmarks that can benefit all the participating organizations, but where sharing that data carries risk if exposed. There are numerous examples of such situations in areas ranging from homeland security to healthcare to the corporate sector, where topics may include sensitive personnel matters, financial reporting, or business practices and ethics.

TQN System Architecture

[Figure: TQN system architecture]

Current Status