LISTSERV 16.0 - MSUNAG Archives

This popped up this week in a SANS newsletter on recent security developments. Many companies and institutions are reluctant to share information they have discovered about cyber threats, especially if their discoveries were related to a breach. These guidelines aim to change that. If you are interested, the public comment period is about a month long.

Of additional interest, the editors at SANS also provided a link to a recent senate bill, which may mandate this kind of information sharing in the future.

(SANS excerpt below)

------------------------

--NIST Issues Information Sharing Guidelines for Public Comment (October 30, 2014) The US National Institute of Standards and Technology (NIST) has released a draft of its Guide to Cyber Threat Information Sharing for public comment. "The goal of the publication is to provide guidance that improves the efficiency and effectiveness of defensive cyber operations and incident response activities, by introducing safe and effective information sharing practices." NIST will be accepting comments through November 28.

http://net-security.org/secworld.php?id=17554

http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf

[Editor Note (Murray): All infrastructure enterprises should read and respond to this guidance. Response should begin with comparing the maturity of one's program to that implied by the guidance. However, it should be noted that these recommendations do not imply, suggest, or require the sharing of PII, IP or, business plans or programs. Compliance is good business and does not require the granting of any special legislative authority or immunity.

(Northcutt): The document is well worth reading, The concepts of security intelligence and and information sharing are crucial. In fact they may mandated by law:

https://www.congress.gov/bill/113th-congress/senate-bill/2588 ]

----------------------------

John Resotko

Assistant Director, Systems Administration and Support

Michigan State University College of Law

648 N. Shaw Lane, Room 208 Law Building

East Lansing, MI 48842-1300

email: [log in to unmask]

phone: 517-432-6836

fax: 517-432-6861

web: http://www.law.msu.edu/

Current Chairperson, MSU IT Leadership CAFE: https://sites.google.com/a/msu.edu/it-leadership-cafe/

Member of MSU IT Council, Security Subcommittee: http://tech.msu.edu/itcouncil/index.php