Automating the exchange of security and threat information in a timely manner is imperative to the future and effectiveness of the security response community. The timely distribution of threat indicators will only thrive in an environment where trust is sustained. A fundamental component of trust is a clear understanding of how information shared can and cannot be used with very few windows of interpretation. This level of clarity is essential to both the provider and the consumer as each wishes to insure the information is handled properly. Trust is not a matter of technology; but of language, policy and structured understanding.
The general lack of adequate policy that supports information exchange is increasingly becoming an impediment to timely information exchange, that will only be exasperated as more organizations start actively participating in information exchange groups and the volume of security and threat information being shared continues to grow. One of the main challenges today is the lack of clarity when defining and interpreting the permitted actions, uses, and redistribution of information shared between organizations.
The need for an extensible information exchange policy framework has been identified, and the goals of this Special Interest Group is to collaboratively develop a framework for defining information exchange policy, and a set of common definitions for the most common policy aspects. This intent is this framework will address some the information exchange policy challenges and promote information exchange more broadly.
The initial goals of this proposed SIG are to collaboratively develop an extensible framework for defining information exchange policy and a set of standard definitions for most common aspects.
The deliverables of this SIG include:
Automating the exchange of security and threat information, is imperative to the future success and effectiveness of the security response community, and industry.
The Information Exchange Policy framework 1.0 is available here: