Information Sharing for Cyber Threats

Abstract

An organization that has faced an attack acquires valuable information on cyber threats that may be shared with others. This information can help an organization to identify, assess, monitor, and respond to cyber threats. Organizations that share cyber threat information can improve their own security postures as well as those of other organizations. Information sharing among private and public entities is a powerful mechanism to better understand a constantly changing environment and learn in a holistic way about serious risks, vulnerabilities and threats, as well as solutions. This article provides a review of the benefits and challenges of coordinating and sharing cyber threat information, the strengths and weaknesses of different information sharing models, and the importance of building trust between actors and handling sensitive or classified information. Organizations have to establish information sharing goals and scope of information sharing activities, identify cyber threat information sources, develop rules that control the distribution of threat information, and make effective use of threat information in support of their overall cyber security practices.