Operationalizing Threat Information Sharing: Beyond Policies and Platitudes

Presented at ShmooCon X (2014), Jan. 18, 2014, 3 p.m. (60 minutes)

Threat intelligence sharing is a hot topic of conversation today that already affects or soon will affect most of us in the infosec community. Like most hot topics this tends to generate a lot of cliched buzzworditis and well-meant but unrealistic policy. Cue the shmooballs!

But what does it take to move beyond just talking about cyber threat intelligence sharing and making it an operational reality. This session will include discussion of the challenges involved in operational implementations and will provide real-world lessons learned from one of the world's leading threat intel sharing programs (the Financial Services Information Sharing and Analysis Center (FS-ISAC).

Presenters:

• Aharon Chernin
  Aharon Chernin leads the Information Security Automation team at DTCC and chairs the Security Automation Working Group within the Financial Services Information Sharing and Analysis Center (FS-ISAC). Aharon leads the development of the Cyber Intelligence Repository, used by the Financial Services industry, to automate cyber intelligence sharing through the use of STIX and TAXII.
• Sean Barnum
  Sean Barnum is a Principal with MITRE and leads several international community efforts to standardize structured threat intelligence information including the Structured Threat Information eXpression (STIX) and Cyber Observable eXpression (CybOX).

Similar Presentations:

• VB2018 / Levelling up: why sharing threat intelligence makes you more competitive
• THOTCON 0x7 (2016) / Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness
• BSidesSF 2016 / Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness