Is Practical Information Sharing Possible?

Presented at ShmooCon IX (2013), Unknown date/time (Unknown duration)

Over the last few years, there has been an increased emphasis on sharing threat information as part of a complete approach to information security. Numerous government policies require sharing of information across agencies and with the public. And as more and more corporations discover they and their peers have been compromised, IT security organizations face more pressure to share attack and threat information internally and with external partners.

Information sharing sounds like a great idea on the surface, but the reality is very different. There are complex issues regarding privacy, intellectual property, domestic international law, and technical format of the data that need to be addressed. And at its core, if you share or receive shared information, you have to achieve some sort of benefit from that action. If your organization isn't prepared to act on the data in a meaningful and efficient manner, what is the point of sharing?

This panel will attempt to address some of the concerns regarding information sharing. Hopefully by the end of the discussion you'll have a better idea as to whether threat information sharing is right for your organization and how to successfully integrate it into your information security program.


Presenters:

  • Ben Miller
    Ben Miller works in the Electricity Sector Information Sharing Analysis Center (ES-ISAC). Among other things Ben is building out how the ES-ISAC shares threat information among the North American electricity sector. The last eight years Ben has focused on incident detection and response in a variety of roles. Ben also helps run Charmsec (http://charmsec.org); a citysec-style meetup in Baltimore.
  • Doug Wilson
    Doug Wilson is the Threat Indicator Team Lead at Mandiant. He lives in DC, and in an effort to try to get the ridiculously large community of Infosec nerds in this town to interact on a more regular basis, Doug has had his fingers in various local security pies over the years, such as founding the OWASP DC chapter, AppSec DC, and CapSec DC. He's gotten to take his passion for getting people to share information and interact into the workplace in the past year, having been the lead cheerleader and spokesperson for the open threat information sharing standard, OpenIOC (http://openioc.org).
  • Sean Barnum
    Sean Barnum is an Information Security Principal at The MITRE Corporation where he acts as a senior advisor to US government and industry, often acting as technical architect and community leader for various information security knowledge structuring efforts including STIX, CybOX, TAXII, CAPEC, MAEC, CWE, and SAFES among others. He has a broad base of over 25 years of experience in the software & technology industry. He is a frequent contributor, speaker, trainer and author on information security topics. He is coauthor of the book "Software Security Engineering: A Guide for Project Managers", published by AddisonWesley.

Links:

Similar Presentations: