Relevant information from outside the organisation is collected and made available across the organisation to enhance situational awareness
Context and Guidance: In addition to data collected through monitoring and internal information sources, processes are in place to collect information from external organisations that may add detail or clarity to situational awareness. For example, staff may monitor and collect information from a number of resources that provide reliable cybersecurity information, such as forums, vendors, InfraGard, ISACs, and CISA Central. External data is analysed prior to sharing to ensure shared information is relevant and useful to recipients and to highlight specific areas for attention. The situational awareness information is then shared with appropriate stakeholders such as organisational leadership, incident response personnel, and asset owners.
Related Practices • Information Sharing: This practice is part of a group of cross-domain practices that enable information sharing with organisational stakeholders. These include: THREAT-1i, THREAT-2h, THREAT-2k, RISK-1c1d, SITUATION-3a, SITUATION-3c, SITUATION-3d, SITUATION-3e, RESPONSE-2g, RESPONSE-3c, RESPONSE-3f. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-3c, SITUATION-3e, SITUATION-3f.