Let’s just say I almost failed sharing back in kindergarten. Almost 40 years later I’m not a hell of a lot better at sharing (just ask my kids), but if you want to be good at security, you had better do better at sharing than me. Good points here by Don Srebnick (CISO of the City of NY) on using an ISAC to your advantage:
A structure for this type of sharing has been developed within multiple sectors. If you haven’t heard, the Information Sharing and Analysis Center, or ISAC, is that structure. An ISAC provides members with a private community for dispensing information about security threats, incidents and response, and critical infrastructure protection.
ISACs are an effective method of sharing your information without direct attribution. If your site is under cyber attack or you become aware of an imminent threat to your sector, details can be exchanged without ever revealing your identity, thereby facilitating sharing, but maintaining confidentiality.
I’ve been doing a lot of research on threat intelligence and believe (as many of the CISOs I speak with believe) that no one organization can do it themselves. The only way to shorten the window between attack and detection is to get much better at searching for indicators of compromise in your environment. And bi-directional sharing of the attacks you’re seeing, and learning about attacks similar organizations are seeing, are becoming key success criteria for security in the age of advanced attackers.
The New School guys were absolutely right years ago about the need to share. They were just way ahead of the curve. It’s good to see a lot more discussion about sharing happening in the industry. It’s about time…
Photo credit: “Sharing” originally uploaded by Toban Black