Startup envisions CISO collective to share cyberattack information

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2012/081412-securitystarfish-261634.html

By Ellen Messmer
Network World
August 14, 2012

A startup called SecurityStarfish intends to become the central point 
where chief information security officers (CISO) can discreetly share 
information about cyberattacks and obtain anonymized real-time 
information from others in order to deter cybercrime against their 
organizations.

This ambitious effort is being led by one of the most influential 
security professionals in the industry, Dave Cullinane, former CISO at 
eBay and a founding member and chairman of the Cloud Security Alliance, 
the group working on security best practices and standards related to 
cloud-based services.

"We want to share information about attacks and alert others," says 
Cullinane, CEO and co-founder of SecurityStarfish, about the venture's 
goals. He says enterprises today need "actionable intelligence" that can 
"return the balance of power" to the enterprise security team, which is 
hard-pressed to fend off continuous onslaughts aimed at stealing data or 
crippling networks.

The goal is getting a large group of CISOs from the enterprise in 
various vertical industries on board -- at this point security vendors 
are not invited to join -- so that information related to cyberattacks 
can be discretely collected and share anonymously among the group's 
members.

[...]