A Business Case for Sharing
GRF’s Mark Orsi partnered with Charles Blauner of Team8, Michael Daniel of Cyber Threat Alliance, and Jeremy Jurgens of the World Economic Forum to produce the white paper “The Business Imperative of Cyber Information Sharing for Our Collective Defence” which makes a business case for threat information exchange.
The paper outlines three steps to overcome barriers to sharing, focusing on organizational structures needed to make sharing practical and acceptable:
1. Make info sharing a C-suite prerogative
2. Manage compliance / regulatory concerns
3. Define “sharing” on a practical level
As Blauner writes, “Cybersecurity professionals almost universally support increased information sharing… In fact, the consensus on information sharing is remarkable for its consistency and durability. Yet, despite this consensus, the level of cyberthreat information sharing remains insufficient. Cleary, if everyone agrees that we should do something, but many organizations do not, we need to examine the impediments to action more closely.”
All organizations should consider joining their sector's ISAC and/or the Business Resilience Council - an all hazards, multisector threat sharing community that includes vendors to create a fabric of security and resilience.