When You Combine Cybersecurity and Discovery, You Get a New Strategic Framework for Cyber Discovery!: eDiscovery Best Practices

You can’t discuss a strategy for discovery these days without also discussing cybersecurity.  So, why not put them together into a strategic framework for Cyber Discovery?  A new strategic framework from HaystackID does just that!

Developed based on the European Union Agency for Cybersecurity (ENISA) framework for artificial intelligence lifecycle stages and modified through the lens of the Electronic Discovery Reference Model (EDRM), the HaystackID Cyber Discovery Framework defines, depicts, and discusses a strategic framework that may be useful for understanding and applying the discipline of data and legal discovery in support of cybersecurity-centric challenges.

Along with definitions for Data Discovery, Legal Discovery (eDiscovery), Insight and Intelligence, HaystackID defines Cyber Discovery as “The application of a combination of data discovery and legal discovery approaches to enable the exploration of patterns, trends, and relationships within unstructured and structured data with the objective of uncovering insight and intelligence to proactively or reactively respond to cybersecurity-centric challenges.”


The stages and tasks of the reference model are as follows:


  • Cyber Discovery Goals
  • Data Collection and Ingestion
  • Data Exploration
  • Data Processing


  • Model and Protocol Planning (AI+Experts)


  • Model and Protocol Selection and Building
  • Model and Protocol Testing and Training


  • Model and Protocol Qualification
  • Model and Protocol Evaluation


  • Model and Protocol Adaptation (Adjustment)
  • Model and Protocol Deployment (Execution)
  • Model and Protocol Maintenance (Monitoring)


  • Cyber Discovery Action

Here’s a graphical representation of the reference model:

A downloadable version of the reference model is available here, along with details and descriptions of each of the phases and tasks.

The idea of applying discovery approaches to proactively and reactively responding to cybersecurity-centric challenges makes a lot of sense.  I’m sure we’ll hear more about this framework and its application to cyber challenges over time, as we are certainly (sadly) seeing plenty of opportunities to address those challenges these days!

So, what do you think?  How does your organization plan for cyber challenges today?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclosure: HaystackID is an Educational Partner and sponsor of eDiscovery Today

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
