Featured Product
This Week in Quality Digest Live

More Videos

Standards Features
How Do You Ensure That a Tape Measure is Accurate?
NIST
The short answer
Small Businesses: Keeping Up With Today’s Economy
ISO
MSMEs are encouraged to uphold the highest standards
From Wax Light to Moonlight
Steven Brown
21st-century standard candles at NIST
Standards Help Keep Firefighters Safe
Kath Lockett
ISO standard for the cleaning, inspection, repair of firefighter PPE
Safer Food, Better Health, and a Brighter Future
Ann Brady
From farm to fork, how safe is your food?

More Features

Standards News
Topo to Launch Product Compliance Database
Run compliance checks against products in seconds
Webinar: ‘Automotive SPICE for Cybersecurity’
Aug. 25, 2022, at 3:00 p.m. Eastern
Proposed ASTM Standard Defines Properties for 3D Printing Filaments
Could be used for basic performance information on raw materials used in the most common 3D printers
Supply Shortages Could Lead to Greater Food Fraud Risk
Now is not the time to skip critical factory audits and supply chain assessments
Webinar: Aligning Your Information Security Management System Framework With TISAX Controls
July 29, 2022, at 11 a.m. Eastern
ETQ Releases Reliance NXG QMS and New Quality Events Application
Google Docs collaboration, more efficient management of quality deviations
Executives at Baldrige Fellowship Explore Leadership Challenges in a Changing World of Work
Program inspires leaders to consider systems perspective for continuous improvement and innovation
Argolytics and CFA Solutions Create Nonconformance Reporting in Trendable for Data Collection
Collaboration produces online software for collecting quality inspection data
NIST Prize Challenge Seeks Innovative Incident-Command Dashboards for Public Safety
First responders may benefit from NIST contest to reward high-quality incident command dashboards

More News

NIST

Standards

Cyber Security: Your Mother Was Right

Sharing is good, and NIST has some help on how

Published: Thursday, November 20, 2014 - 14:26

(NIST) -- Time is not your friend when your information systems are under cyber attack, but sharing threat information before, during, and after an attack with a trusted group of peers can help. Not only does it alert the other members of your community to a potential attack, it can provide critical actionable information to speed and bolster your own defenses. Participating in a formal information sharing group can greatly enhance an organization’s cybersecurity capabilities.

But for all the potential benefits, sharing operational information outside an organization presents a unique set of challenges. To help, the National Institute of Standards and Technology (NIST) has prepared a Guide to Cyber Threat Information Sharing that provides organizations with the key practices they need to consider when planning, implementing and maintaining information sharing relationships. NIST is requesting comments on the draft document by November 28, 2014.

An organization that has faced an attack has valuable information to share with others. “By sharing cyber threat information, organizations can gain valuable insights about their adversaries,” says lead author Christopher Johnson. “They can learn the types of systems and information being targeted, the techniques used to gain access and indicators of compromise. Organizations can use this information to prioritize defensive strategies including patching vulnerabilities, implementing configuration changes and enhancing monitoring capabilities.”

Information sharing within business sectors is particularly advantageous because the organizations often face similar threats.

The NIST publication presents a deeper treatment of the information-sharing concepts presented in Section 4 of the Computer Security Incident Handling Guide, Revision 2. The guidance also references the Framework for Improving Critical Infrastructure Cybersecurity’s Framework Core, which is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.

The guide examines the benefits and challenges of coordinating and sharing, presents the strengths and weaknesses of a variety of information sharing models, explores the importance of trust, and addresses specific data handling considerations.

Appendix A provides a collection of scenarios that demonstrate the value of information sharing by describing real-world applications of threat intelligence sharing and coordinated incident response. These include an email phishing attack on people who attended a conference and how an investigation by credit card companies revealed that a retailer was unknowingly under attack.

The Guide to Cyber Threat Information Sharing is available at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-150. Comments should be sent by November 28, 2014 to sp800-150comments@nist.gov using the Comment Template Form for Draft SP 800-150.

Discuss

About The Author

NIST’s picture

NIST

Founded in 1901, the National Institute of Standards and Technology (NIST) is a nonregulatory federal agency within the U.S. Department of Commerce. Headquartered in Gaithersburg, Maryland, NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.