ThreatNG open-source datasets aim to improve cybersecurity practices
The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to democratize access to critical data, fostering transparency, collaboration, and improvement of cybersecurity practices globally.
Datasets for organizational insight
The open-source datasets offered by ThreatNG provide an understanding of organizational practices, promoting informed decision-making and accountability within the corporate landscape. These datasets include:
ESG (Environmental, Social, Governance) filings – A dataset highlighting a company’s dedication to sustainability, ethical behavior, and good governance, offering insights into organizations’ engagement in responsible and sustainable practices.
ESG violations – This dataset uncovers companies’ shortcomings in meeting environmental, social, or governance standards, thereby promoting transparency about the consequences of their non-compliance.
Ethics and governance – This collection contains links to detailed information on an organization’s ethical principles and governance frameworks, serving as a tool for stakeholders, investors, and the public to access comprehensive insights into how companies prioritize and implement ethical standards and governance practices.
How you can use the datasets
Eric Gonzales, founder of ThreatNG, told Help Net Security what the company has experienced with its security service provider customers and partners, and how they have used the ethics and governance documents:
Develop compliant incident response plans
These documents provide frameworks for developing incident response plans that comply with the customer’s ethical and governance requirements. For example, an ethics and governance document outlines the customer’s expectations for incident response regarding data breaches. From this, a service provider can develop a plan that adheres to these expectations and ensures the ethical handling of sensitive data during an incident. The service provider minimizes the impact of a data breach and upholds the customer’s ethical standards, protecting their reputation and trust.
Inform risk assessments and vulnerability scans
Insights can be used to prioritize high-risk areas based on the customer’s ethical and governance framework.
Proactive communication based on ethics
Understanding the customer’s ethical principles allows for proactive communication tailored to address their concerns and values. For example, the service provider may identify potential vulnerabilities related to the customer’s ethical concerns about artificial intelligence bias, from which they can proactively communicate the risks and propose solutions for mitigating them before any harm occurs. The service provider proactively cares about the customer’s ethical concerns and builds trust through open communication.
Empowering collaboration across sectors
This open-source initiative holds potential for many organizations, fostering collaboration, transparency, and collective enhancement of cybersecurity practices across sectors.
- Private companies, reliant on digital infrastructure, gain strategic insights into peers and competitors, optimizing risk assessments.
- Publicly traded companies utilize datasets to elevate ESG disclosure, enhancing reputation and trust among investors.
- Non-profit organizations with limited resources leverage the datasets for risk mitigation, safeguarding sensitive information, and maintaining public trust.
- Government agencies enhance cybersecurity governance and regulatory oversight, informing policy decisions for critical infrastructure security.
- Research institutions contribute to cybersecurity knowledge by studying trends and vulnerabilities.
- Cybersecurity vendors benefit through collaborative improvements, leading to enhanced security tools.
- Ethical hackers and security researchers identify vulnerabilities, contributing to improved digital security practices.
- Everyday users indirectly benefit from heightened cybersecurity measures, ensuring better protection of user data and privacy.