Review Benefits

In cases where an organisation already provides services to the prospective WARP community, then creating a WARP will add another service to their portfolio. The benefit to the WARP operator is likely to be directly proportional to the benefit of a WARP to its members, which are listed below.

Member services and benefits

The argument and business case for creating a WARP is enhanced significantly by real examples of benefits derived from existing WARPs and their members. The following document describes the benefits derived by WARP members from the three WARP services, filtered warnings, advice brokering and trusted sharing. The case studies describe benefits in terms of cost savings, increased security and increased capability.

WARP member benefits statements

• Trusted environment - Trust and confidence are crucial characteristics of any on-line service, and a successful attack which compromises the Confidentiality, Integrity or Availability of the information related to these services will undermine this confidence. Security incidents are newsworthy and the media often fuels this erosion of trust with the end result being political embarrassment and people not wanting to use the on-line services, especially if their personal information is at risk.
  
  The WARP will provide a trusted community of interest where members can report incidents and seek advice without the fear that the information will be used to harm them.
• Information Filtering - The threat from a malicious attack is always there, as evidenced by many surveys including the Information Security Breaches Surveys conducted by PWC on behalf of BERR.
  
  The WARP will understand the community of interest and filter information from sources on relevance and urgency before passing on the information to participants, thereby facilitating the decision making process and at lower cost than working on their own.
• Access to Expert advice - Many of the Advisories and Warnings require specialist knowledge to fully understand the significance and required action to reduce the risk of a successful attack.
  
  The WARP will facilitate information sharing between experts both within the WARP and in liaison with other experts from trusted organisations such as GovCertUK and CSIRT-UK, thereby producing higher quality solutions.
• Early warning - Although early warning is often a difficult aspiration to realise, there is benefit to an organisation in knowing when and how other organisations are being attacked, especially if they are within their community of interest. This will help an organisation put in place emergency preventative measures which in normal circumstances would not be operationally acceptable.
  
  The WARP will provide a validated and trusted reporting environment which will enable participants to benefit from the experience of others when attacks are taking place.
• Strategic Decision Support - How much should I spend on Security? is often a difficult question to answer along with when and what should I spend it on? Benchmarking against other organisations within your community of interest is one approach and another is to use validated trend data from reported incidents.
  
  The WARP will over time analyse incidents and the most effective countermeasures, and together with threat forecasts, produce strategic reports which can be used to support the business decision process for security investment, thereby optimising the value of the investment.
• Education and Awareness - Information Security is a topic which is continually evolving as new technologies are introduced, new threats identified and new solutions developed.
  
  The WARP will provide a channel to disseminate advice on new security topics, based on the relevance to the community.

Next step: Assess costs and funding

• Set up a WARP
• Identify Community
• Review benefits
• Assess costs and funding
• Produce business case
• Register your WARP