Educause Security Discussion mailing list archives
Re: Membership in REN-ISAC?
From: Wes Young <wcyoung () BUFFALO EDU>
Date: Mon, 4 Jan 2010 10:55:14 -0500
http://www.ren-isac.net/docs/information_sharing_policy.html

Trust is all about perception. You must decide if it's worth publishing vs if people will still trust sending you info should you publish. if you own 100% of the data-set; then i'd imagine you can do what you want with it. If you've correlated data combined with/from a "restricted" data-set; you obviously own the resulting data-set; the question is; what you do with that data-set.

Given the example you're citing; i'd say "yes; sounds like a potential conflict of interest; and i'd tread softly" (see: perception reference above). So the question becomes "is it worth publishing vs not having access?" (which; to me, at that point, is a simple risk equation). What does "publishing data" buy you vs "a large community of trusted peers"?

of course; i am not an authoritative source on this; nor do i pretend to be in real life (ok; maybe i pretend to be sometimes, but mostly speaking as a peer and practitioner). most of these are best handled case by case and asking your peers (+RI on a case by case basis until you're comfortable). Right now it's more geared towards "ops" data (protection; mitigation; etc). Until that changes; i'd be careful what you publish and just make sure you're not going to violate any of your peers' trust. [It's the one great tool we have against the bad-guys; like it or hate it].

I'd encourage you to read this policy (it's way long; but thinking went into it). The ideas behind it aren't to inhibit data-sharing; but actually to enable it. The problems we've had in the past as a security community is setting expectation such that a trust fabric can be created; once expectations are set; you'd be amazed how much people are willing to share their collective experiences and data. Trust is torn down when expectations aren't met; or they have been violated (or even perceived to have been violated) in some way.

... and once you get the hang of it [the community]; it's not that bad. You get a lot of useful stuff information in return; the benefit far out-weighs the 'restrictions'.

On Jan 4, 2010, at 10:20 AM, Matthew Wollenweber wrote:
How restricted/reasonable is REN-ISAC in terms of information sharing? Obviously you can't publish their restricted data, but I imagine they have a large collection of events that likely overlap with other data sets. If I were to publish results from my own data, and if I were a member of REN-ISAC, would I have to check their database before publication?
-- Wes CSI2 Chair SES Project Architect http://claimid.com/wesyoung