Yesterday the Institute for Security and Technology and the Cyber Threat Alliance released a report on a Cyber Incident Reporting Framework. This version, the Global Edition, follows the Fall release of a U.S.-centric version. The Global Edition develops a reporting format that government cybersecurity authorities worldwide could use as the foundation for their national reporting frameworks and regulatory language.​ The U.S. version was developed with CISA in mind following U.S. legislation that required specific U.S. industries to report certain types of cyber incidents.

Do you think this framework checks all the right boxes? Based on your experience, especially outside the U.S., is anything missing? Is there anything new that you really like in the framework?