Over the last few years, there has been an increased emphasis on sharing threat information as part of a complete approach to information security. Numerous government policies require sharing of information across agencies and with the public. And as more and more corporations discover they and their peers have been compromised, IT security organizations face more pressure to share attack and threat information internally and with external partners.
Information sharing sounds like a great idea on the surface, but the reality is very different. There are complex issues regarding privacy, intellectual property, domestic international law, and technical format of the data that need to be addressed. And at its core, if you share or receive shared information, you have to achieve some sort of benefit from that action. If your organization isn't prepared to act on the data in a meaningful and efficient manner, what is the point of sharing?
This panel will attempt to address some of the concerns regarding information sharing. Hopefully by the end of the discussion you'll have a better idea as to whether threat information sharing is right for your organization and how to successfully integrate it into your information security program.
Sean Barnum is an Information Security Principal at The MITRE Corporation where he acts as a senior advisor to US government and industry, often acting as technical architect and community leader for various information security knowledge structuring efforts including STIX, CybOX, TAXII, CAPEC, MAEC, CWE, and SAFES among others. He has a broad base of over 25 years of experience in the software & technology industry. He is a frequent contributor, speaker, trainer and author on information security topics. He is coauthor of the book “Software Security Engineering: A Guide for Project Managers”, published by AddisonWesley.
Doug Wilson is the Threat Indicator Team Lead at Mandiant. He lives in DC, and in an effort to try to get the ridiculously large community of Infosec nerds in this town to interact on a more regular basis, Doug has had his fingers in various local security pies over the years, such as founding the OWASP DC chapter, AppSec DC, and CapSec DC. He's gotten to take his passion for getting people to share information and interact into the workplace in the past year, having been the lead cheerleader and spokesperson for the open threat information sharing standard, OpenIOC (http://openioc.org).