PANEL: GETTING IT RIGHT: STRAIGHT TALK ON THREAT , INFORMATION SHARING presented at BlackhatUS 2015

by Kevin Bankston, Trey Ford, Brian Engle, Rebekah Brown, Mark Hammell,

Summary : Sharing information isn't hard - getting past backroom deals, NDAs and approval from general counsel is *very hard*. This topic is not two-dimensional, even if we are quick to weigh data sharing in the face of data breaches, and the US has several pieces of legislation in play on this *right now*.
Conservatively there are over 300,00 open jobs available in information security- efficiency, prioritization and alignment with IT has never been more important. Information sharing and threat intelligence offers hope that we can better inform priorities to align with real threats, however these solutions come with a new set of questions:
Can we collaborate outside our company *and* protect privacy?
What information is worth sharing?
Is there a level of minimum care in protecting civil liberties while enabling rapid information dissemination?
Clearly, we need to talk. If you've got thoughts, we want to hear them. Sharing isn't only the theme of this session, it is also the format. Attendees and panelists will discuss:
What should you do with the information once you have it?
What sharing models (hub-spoke vs. de-centralized) make sense?
What are the privacy considerations in sharing information?
What kinds of liability impact information sharing today?
What corporate controls affect your ability to share information?
What's the status of information-sharing legislation in Congress?