DHS is providing the Dashboard Reference Implementation (DRI) cyber security body of knowledge for public consumption in case it may be of use to other organizations.  


DHS makes this information available as-is and for informational and educational purposes only.  DHS provides no warranties with respect to any of the content linked or printed on this page, and assumes no liability for its use.  DHS does not endorse any organization, its solutions or services.

Available Material

This body of knowledge represents documentation that emerged from a study of best practices that shed light on several critical security questions that confront many organizations.  These include:

  • What are the best techniques and formulas to calculate cyber risk?
  • What kinds of security data are needed and feasible to collect and present?
  • How is this data stored?
  • How can analysis of security information be presented clearly for a broad spectrum of employees in an organization using a single tool box?
  • When specific security threats change, how can an organization view newly needed data efficiently and effectively?
  • Is it feasible to focus attention on the worst cyber problems first?
  • How can the limited time of executives and technicians be used to greatest advantage to help prevent major cyber security incidents?
  • How can I track progress toward lowering risk across my organization?

Using DRI Material

These findings of DRI and the associated design recommendations blend theoretical and applied discoveries.  Conclusions are documented in issue tracking artifacts, available below.   A key to DRI design recommendations is its data model, which can be examined by looking at the DRI SQL-Server database.  Logic in the interface may also be inspected to see how select requirements were met.


Because of the factors listed among the disclaimers, these downloads are initially most useful for data analysts, data base administrators/ modelers and dashboard software developers. 

Secondary conclusions based on DRI findings may benefit security managers, IT network professionals and executive partners.  Some of the higher level materials discussed in the documentation zip files might be the most accessible and beneficial to general audiences and in academic settings.

By downloading any or all attached links, the user verifies that s/he has read the disclaimers listed above, and accepts that DHS shall not be responsible for any use the recipient may make of the DRI downloads.  No support for this DRI material is offered or provided:


As DRI is neither a production system nor a deployable off-the-shelf product, the more modest description of this download material as “reference” documentation was very intentional.

For example, DRI, as developed, did not include beta testing with users, scalability testing, scalability/performance testing, a fully functional and tested installation capability, or robust error checking features expected in off-the-shelf products.

Any attempt to use the DRI beyond the scope of its original purposes would be inappropriate.  (See “Disclaimer”.)