The National Institute of Standards and Technology has developed a guide for organizations to consider when sharing threat information before, during and after a cyberattack.
NIST suggests sharing threat information can help boost a company's own cybersecurity as well as alert other organizations to the possibility of an attack. NIST's "Guide to Cyber Threat Information Sharing" offers organizations key practices to this type of sharing.
"By sharing cyber threat information, organizations can gain valuable insights about their adversaries," said Christopher Johnson, lead author of the guide. "They can learn the types of systems and information being targeted, the techniques used to gain access and indicators of compromise. Organizations can use this information to prioritize defense strategies including patching vulnerabilities, implementing configuration changes and enhancing monitoring capabilities."
The guidance discusses benefits and challenges of coordinating and sharing threat information, strengths and weaknesses of a number of sharing models and outlines specific data handling considerations.
The guidance is still in draft format, though it can be accessed here.
The draft is open for public comment until Nov. 28.
More articles on cybersecurity:
FDA issues cybersecurity guidance for medical device makers
10 ways to bolster healthcare data security
AHA releases cybersecurity resource for hospital boards