[iwar] [fc:Sharing.key.to.combating.threats]

From: Fred Cohen (fc@all.net)
Date: 2001-10-24 19:22:02



Sharing key to combating threats 
By Diane Frank, Federal Computer Week, 10/24/2001
http://www.fcw.com/fcw/articles/2001/1022/web-gao-10-24-01.asp

As awareness about the importance of sharing information about cyber and
physical threats grows following the Sept.  11 terrorist attacks, the
General Accounting Office last week released a report on the best
practices of leading organizations in the public and private sectors. 

The report is in response to a request in May from Sen.  Robert Bennett
(R-Utah), a key supporter of critical infrastructure protection issues
and an advocate for sharing cybersecurity information between the
government and private sector.  Bennett and other members of Congress
have introduced bills this year to promote such sharing. 

GAO reviewed 11 organizations, including the Centers for Disease Control
and Prevention, the Federal Computer Incident Response Center (FedCIRC),
the Joint Task Force-Computer Network Operations (JTF-CNO), and the
North American Electric Reliability Council.  FedCIRC serves as the
central warning, analysis and response organization for civilian
agencies, and the JTF-CNO provides that service for the Defense
Department. 

All of these organizations form relationships with members to collect
information on security incidents, analyze potential future weaknesses
and issue alerts on vulnerabilities and attacks. 

The GAO report, and past reviews in related areas, found that
information sharing and coordination are "central to producing
comprehensive and practical approaches and solutions to combating
computer-based threats." But few agencies have formed such mechanisms,
and those that have are still working to become entirely successful,
according to GAO. 

From their experience, GAO outlined several key success factors:

* Developing trust between participants over time through personal
relationships. 

* Establishing effective and secure communications. 

* Getting the support of senior managers at member organizations on the
importance of sharing such potentially sensitive information. 

* Ensuring continuity of leadership within the organization to maintain
focus. 

* Providing identifiable benefits to keep members involved. 

The most difficult challenge is organizations' natural reluctance to
share information on vulnerabilities, GAO reported.  This challenge can
be immediately addressed through the development of clear, written
agreements on information usage and sharing, GAO wrote.  And that
reluctance is reduced over time as members become more familiar with one
another and others' perspectives and pass on their positive experiences to
new members, according to the report. 

GAO report: "Information Sharing: Practices That Can Benefit Critical
Infrastructure Protection" at
http://www.gao.gov/new.items/d0224.pdf




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:57 PST