On Wed 2024-05-22 17:51:54-0600 Paul wrote:
ebersman> That includes incident reports where the material outage was ebersman> highly possible but averted.
rstory> That's not what the conclusion has been by the work party so far rstory> for this particular document. Feel free to join in on the fun rstory> and convince folks otherwise!
Every ops job I've ever had, I valued anything that told me what worked and what didn't work.
Metrics and measurement are a key part of the RSOs' responsibility. Surely such incident reports are a valuable metric.
Yes, they are. But the scope of work for this document is for reporting on security incidents that had a material impact on the RSS. Possible or averted events are out of scope for this work party. Also, the document explicitly states that RSO(s) may publish reports of their own for any type of event. So regardless of whether or not a RSO decided to submit a security incident report to the future RSS governance system, it could independently publish an incident or after action report. Regards, Robert USC Information Sciences Institute <http://www.isi.edu/> Networking and Cybersecurity Division