This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."

Download it now to read this article plus other related content.

Share and Share Alike
Hayden and Bailey have felt some resistance to their ideas, but there must be some "collaboration" mineral in Northwestern waters.

The Pacific CISO Forum, a local information network with 25 to 30 members, including Bailey and Hayden, has been around for a while. Some members bring connections to the FBI, Secret Service and Department of Justice, while others participate for access to their local security peers.

"We're like the three-legged people in town," says Peter Gregory, a founding member of the Forum and chief security strategist for the consultancy VantagePoint Security. "There aren't many of us, so we like to get together, share what we know and commiserate."

Vendors are excluded from this group. Bailey says many of the more organized plans for cooperation "are burdened with pundits and participants who are vendors and who don't have skin in the game." When he picks up the phone, the person answering will have the same sort of accountability that he does, as well as the same issues and problems. Vendors may have products and expertise, but they don't have the operational needs and experience. And, of course, there's always the possibility of a vendor tainting discussions to favor their products.

One reason the Pacific CISO Forum has worked is that members have used sound principles for sharing experiences and information, says Jeffrey M. Stanton, a social

    Requires Free Membership to View

psychologist and associate professor in Syracuse University's School of Information Studies. Groups like these are "most likely to work if they're peers and if there are enough similarities in their job functions and responsibilities that they have something to tell each other."

Geographic proximity is also helpful. The Internet and telecommunications make it possible to converse with anyone, anywhere. But people still prefer having personal contact with the people they want to trust.

What clinches things, though, are benefits and deliverables. For example, Seattle is renegotiating its ISP contract. Networked connections to computer forensic specialists, network experts and even lawyers helped build a wish list of concessions and benefits, like having a special support telephone number in case of a serious cyberattack, so there's no wait for assistance. No one CISO would have thought of everything, but collectively they draw on one another's experiences and perceptions to develop well-rounded security architectures, policies and response plans.

Some experts, like Dr. Don Goff, wonder whether a total lack of organization might send some groups heading in wrong directions.

"A common understanding of what the basic problems are and how to address them seems to me a basic first step," says the professor of information and telecommunications systems at University of Maryland University College (UMUC), one of 60 programs nationwide certified by the National Security Administration as a Center of Academic Excellence in Information Assurance Education. Currently, the Maryland governor's office is launching an initiative to bring together private companies, law enforcement, fire departments and government to create a statewide cybersecurity plan.

This was first published in January 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: