In a recent piece in Security Week, I discussed the various challenges I perceive relating to information sharing (http://www.securityweek.com/understanding-challenges-information-sharing). Although I won’t rehash the details of the piece here, I did want to discuss a related point. I’m sure we can all understand the challenges, but what can an organization do about them?
In spite of, or perhaps because of, the challenges in information sharing, much information sharing happens informally through ad hoc trusted relationships and informal information sharing forums. It may be preferable for organizations to have formal agreements and policies in place, but we are not there as a community yet. Until that time, security practitioners still need to exchange data to perform their jobs properly, and as such, informal relationships exist. That being said, there are still steps that can be taken to formalize information sharing efforts a bit more.
Communication and education are extremely important and seem to me to be good starting points. Security leadership within an organization can communicate the information sharing vision. A dialogue can begin with legal, privacy, and other relevant stakeholders within the organization, so that they can be educated as to the value and importance of information sharing and included in the efforts. People can begin tackling the information sharing challenge and working to build the organization’s street cred and foster collaborative relationships. The importance of information sharing can be communicated to external organizations and entities that can better facilitate formalized information sharing.
Once communication and education are underway, a formal information sharing process can be developed. This process will include details regarding what type of information may and may not be shared, what to do if information is shared that should not have been, as well as the actual nuts and bolts around how information is collected, handled, used, and shared. Process in itself brings more formality to an information sharing effort and is an important part of the overall picture.
Technology is also important. Technology that facilitates, rather than fights, information sharing is a must. The data of record should be recorded with no losses or gaps. Searches for evidence of Indicators of Compromise (IOCs) should complete rapidly. It should be straightforward and smooth to both receive and share information. All of these factors contribute to enabling and empowering successful information sharing, rather than fighting it.
Like most security endeavors, information sharing comes back to people, process, and technology. All of them are important, and all of them play an important role in a successful information sharing effort. Most people say that information sharing is a critical piece of a complete security operations program, and, as a result, it should be given the proper attention.