Operationalizing Threat Information Sharing: Beyond Policies and Platitudes

ShmooCon X - 2014

Presented by: Sean Barnum, Aharon Chernin
Date: Saturday January 18, 2014
Time: 15:00 - 15:50
Location: Belay It room
Track: Belay it

Threat intelligence sharing is a hot topic of conversation today that already affects or soon will affect most of us in the infosec community. Like most hot topics this tends to generate a lot of cliched buzzworditis and well-meant but unrealistic policy. Cue the shmooballs!

But what does it take to move beyond just talking about cyber threat intelligence sharing and making it an operational reality. This session will include discussion of the challenges involved in operational implementations and will provide real-world lessons learned from one of the world's leading threat intel sharing programs (the Financial Services Information Sharing and Analysis Center (FS-ISAC).

Sean Barnum

Sean Barnum is a Principal with MITRE and leads several international community efforts to standardize structured threat intelligence information including the Structured Threat Information eXpression (STIX) and Cyber Observable eXpression (CybOX).

Aharon Chernin

Aharon Chernin leads the Information Security Automation team at DTCC and chairs the Security Automation Working Group within the Financial Services Information Sharing and Analysis Center (FS-ISAC). Aharon leads the development of the Cyber Intelligence Repository, used by the Financial Services industry, to automate cyber intelligence sharing through the use of STIX and TAXII.

KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats