This popped up this week in a SANS newsletter on recent security developments. Many companies and institutions are reluctant to share information they have discovered about cyber threats, especially if their discoveries were related to a breach. These guidelines aim to change that. If you are interested, the public comment period is about a month long.
Of additional interest, the editors at SANS also provided a link to a recent Senate bill, which may mandate this kind of information sharing in the future.
(SANS excerpt below)
------------------------
--NIST Issues Information Sharing Guidelines for Public Comment (October 30, 2014)
The US National Institute of Standards and Technology (NIST) has released a draft of its Guide to Cyber Threat Information Sharing for public comment. "The goal of the publication is to provide guidance that improves the efficiency and effectiveness of defensive cyber operations and incident response activities, by introducing safe and effective information sharing practices." NIST will be accepting comments through November 28.
http://net-security.org/secworld.php?id=17554
http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf
[Editor Note (Murray): All infrastructure enterprises should read and respond to this guidance. Response should begin with comparing the maturity of one's program to that implied by the guidance. However, it should be noted that these recommendations do not imply, suggest, or require the sharing of PII, IP, or business plans or programs. Compliance is good business and does not require the granting of any special legislative authority or immunity.
(Northcutt): The document is well worth reading. The concepts of security intelligence and information sharing are crucial. In fact, they may be mandated by law:
https://www.congress.gov/bill/113th-congress/senate-bill/2588 ]
----------------------------
John Resotko
Assistant Director, Systems Administration and Support
Michigan State University College of Law
648 N. Shaw Lane, Room 208 Law Building
East Lansing, MI 48842-1300
phone: 517-432-6836
fax: 517-432-6861
Current Chairperson, MSU IT Leadership CAFE:
https://sites.google.com/a/msu.edu/it-leadership-cafe/
Member of MSU IT Council, Security Subcommittee:
http://tech.msu.edu/itcouncil/index.php