Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

National Institute of Standards and Technology creating data-sharing guide

Reprints

Organizations should conduct inventories that catalogue the information they possess and are capable of producing, and document the circumstances under which the data may be shared, says the National Institute of Standards and Technology in a draft version of a guide to cyber threat information sharing.

The guide, announced Monday by the Gaithersburg, Maryland-based NIST, is intended to provide organizations with the key practices they need to consider when planning, implementing and maintaining information-sharing relationships, the agency said in a statement. The NIST is asking for comments on the draft by Nov. 28.

“By sharing cyber threat information, organizations can gain valuable insights about their adversaries,” lead author Christopher Johnson said in the statement. “They can learn the types of systems and information being targeted, the techniques used to gain access and indicators of compromise. Organizations can use this information to prioritize defensive strategies including patching vulnerabilities, implementing configuration changes and enhancing monitoring capabilities.”

The guide references the framework to address cyber security risks that was issued in February by the NIST, which is part of the U.S. Department of Commerce.

“By conducting an information inventory, an organization gains a better understanding of where its critical information resides, who owns it, how it must be protected and when it can be shared,” says the guide.

Among its other recommendations, the guide says organizations should also exchange threat intelligence with sharing partners; use open, standard formats for the efficient exchange of information; and use external sources to augment data collection and analysis.

The draft “Guide to Cyber Threat Information Sharing” is available here.

Read Next