Religious groups find their calling in threat sharing

Religious groups find their calling in threat sharing:

When it comes to protecting faith-based organizations from hackers, divine intervention will only get you so far. Congregations, like any other collection of people, can benefit from trading threat intelligence to mitigate the spread of malware.

With that in mind, religious groups recently became the latest sector to create a threat-sharing hub by setting up the Faith-Based Information Sharing and Analysis Organization (FB-ISAO).

Citing growing threats to donor data and religious websites, the FB-ISAO’s backers said it will fill a void by working with technology vendors to offer faith-based groups threat analysis and make them more resilient to attacks. The organization, founded in June but publicized on Monday, is open to American citizens of all faiths.

(Via Cyberscoop)

Every industry and organizational group should have some kind of threat intelligence sharing capability. These are not a cure-all by any stretch, but help even a moderately mature security team detect and respond at least a little faster.

Also on:

How to Describe Vulnerability Information?

How to Describe Vulnerability Information?:

JPCERT/CC receives software vulnerability information from domestic and overseas reporters, then coordinates them in between the vendor/developer and the reporter. While there is a vulnerability reporting template, vulnerability itself is described in a free format. Reporter can describe about a vulnerability in a way they like. From a vulnerability coordinator’s perspective, the following are a few obstacles that we are facing:

1. It is necessary to “understand” the technical aspects

2. When the vulnerability description is written in your non-native language, it can be extremely difficult to comprehend

(Via JPCERT/CC Blog)

Read on for more. I support these activities, especially how to deal in multi-lingual ways.

Restricting Security Intel from prime consumers

Today’s Headlines and Commentary:

Secretary of Homeland Security Kirstjen Nielsen informed the Senate intelligence committee on Wednesday that only 20 of 150 state and local election officials have the security clearances they need to receive election security intelligence, Axios . Officials require this clearance to receive crucial information from the department on how best to decrease election infrastructure vulnerabilities ahead of Russian interference in the upcoming congressional midterm elections. Nielsen said that the department will sponsor a maximum of three officials per state to receive the sensitive clearance, and said her department will work through the interagency process to bypass the security clearance process and share urgent intelligence with local officials if needed.

(Via Lawfare – Hard National Security Choices)

How useful is security intelligence if the primary audience by and large isn’t allowed to read it?

Also on: