Advertisement

e & i Elektrotechnik und Informationstechnik

, Volume 132, Issue 2, pp 113–116 | Cite as

Trusted information sharing for cyber situational awareness

  • David Sutton
Originalarbeiten
  • 223 Downloads

Abstract

Successful cyber situational response requires the timely and reliable exchange of problem and resolution information between interested parties.

This paper explains how the establishment and maintenance of trust is fundamental to information exchanges and describes the key attributes of information sharing mechanisms.

Keywords

trust information sharing Traffic Light Protocol anonymisation cross-sector sharing 

Vertrauenswürdiger Informationsaustausch für ein besseres Lageverständnis im Cyberspace

Zusammenfassung

Erfolgreiche Reaktionen auf konkrete Cyber-Angriffe benötigen einen rechtzeitigen und zuverlässigen Austausch von detaillierten Informationen zu einem Problem zwischen den beteiligten Organisationen. Dieser Beitrag zeigt die grundlegende Bedeutung von Aufbau bzw. Erhalt des Vertrauens für den Informationsaustausch und beschreibt die wichtigsten Merkmale der Mechanismen für einen solchen vertrauensvollen Informationsaustausch.

Schlüsselwörter

Vertrauen Informationsaustausch Traffic Light-Protokoll Anonymisierung branchenübergreifender Austausch 

References

  1. 1.
    The Royal Institute of International Affairs: Chatham house rule. [viewed October 2014]. Available from: http://www.chathamhouse.org/about/chatham-house-rule#.Google Scholar
  2. 2.
    European Network and Information Security Agency: Good practice guide on network security information exchanges, June 2009 [viewed October 2014]. Available from: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/public-private-partnership/information-sharing-exchange/good-practice-guide.
  3. 3.
    European Network and Information Security Agency: Incident handling process—information disclosure. Undated [viewed October 2014]. Available from: http://www.enisa.europa.eu/activities/cert/support/incident-management/browsable/incident-handling-process/information-disclosure.
  4. 4.
    ISO/IEC 27001:2013—information technology—security techniques—information security management systems—requirements.Google Scholar
  5. 5.
    ISO/IEC 27010:2012—information technology—security techniques—information security management for inter-sector and inter-organisational communications.Google Scholar
  6. 6.
    UK launches first national CERT. March 2014. [viewed October 2014]. https://www.gov.uk/government/news/uk-launches-first-national-cert.

Copyright information

© Springer Verlag Wien 2015

Authors and Affiliations

  1. 1.tacit.tel limitedBognor RegisUK

Personalised recommendations