Conceptualizing the cyber incident & event statistics reporting standards

The development of technology led the cyberspace to be directly connected to the daily life. For a nation, it is essential to collect and analyze the statistics produced from cyber-attack incidents to formulate a policy. Specifically, in the Republic of Korea, the second most cyber-attacked country in the world, the synchronization between the cybersecurity technology and policy is essential. However, in current status, the statistics collected by the government ministries in Korea is varied. For instance, the Ministry of Defense and the Ministry of Science & Technology has a different standard in defining the event and incident and its numbers. Thus, the study aims to propose a standardized concept of cyber incident and event statistics which can provide singularized criteria which can be adopted across the ministerial disciplines. In order to provide aforementioned concept, the authors have posed following research questions. First, how to conceptualize the different types of cyber-attacks into a single standard of reporting cyber incidents? Second, what is the proper definition for cyber incident in both national and international levels of policy dialogue? Third, will the established concept can be proposed as an international standard? The authors first breakdown the scattered conceptual knowledge of cybersecurity by the methodology proposed by Gerring (1999) to provide a better concept which can deliver the better knowledge in cybersecurity policy. After, the authors propose the qualitative method in order to develop the single standard in collecting cyber incident statistics. Finally, the authors leave the possible extensions for future related research area based on the proposed method.