Page 20 - 2016
To best understand the interconnectedness of security data, it's best to create a data map. This can be done with a variety of software tools such as Visio. Using these tools you can create a simple overview of KYD's tenets.

Next, apply asset categories to the data. This allows for the easy identification of the security status of the data, its sensitivity, any privacy issues that may exist, and the importance of the data to the organization.

Finally, Know Your Actors (KYA), to determine the key players or stakeholders throughout the chain.

Then, bring KYD and KYA together by mapping them. As part of this exercise, it's best to create a data repository.

Mapping looks at how each stakeholder impacts the entire process of creating, sharing, and storing data. Mapping helps to evaluate any regulatory exposure associated with the data in terms of compliance standards such as data protection liabilities, SOX, Basel and so on. It also exposes privacy implications, and provides visibility into antitrust law issues that may reveal themselves when sharing data.

Build a Sharing Architecture

Once the details of assets and their privileges are mapped, an architecture for sharing threat data must be created which will allow data to flow outwards from the organization and inwards from other companies.

To share data safely, the eco-sharing architecture must be able to serve multiple sharing streams in different communities with different data sources. All data should only be released on a need-to-know basis, using privileged access rights.

Ultimately, an architecture that allows this two-way flow of potentially sensitive data must be aligned with regulations. The architecture needs to manage fundamental requirements using audit reporting. This not only maintains security and keeps watch over the data flows, but allows the architecture to be fine-tuned based on audit results. In other words, it should provide a reliable way to measure the effectiveness of the shared threat intelligence.

Internal Orchestration

Implementing the best practices described above will enable effective and compliant security information sharing. To make sharing actionable, organizations need a streamlined internal process to assess, detect, analyze, investigate and remediate threats through collaboration. This can be achieved by orchestrating people, technology and relevant data in one integrated security workflow.

Conclusion

To defeat and contain cyber threats, organizations need to embrace the untapped benefits of sharing security intelligence. This requires knowing the data and collaboration actors, and mapping them together, in order to share security information safely and without violating regulatory mandates.

About the Author

Kobi Freedman is CEO of Comilion, which helps organizations implement collaboration communities for sharing security intelligence and threat investigations. Kobi has been immersed in the cyber security arena for over 15 years, first in the Israeli Defense Forces (IDF) and then with private sector companies. He participates in numerous Israeli and global policy work groups that set standards for cyber defense.
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 20