http://gcn.com/articles/2010/06/22/information-management-better-cybersecurity.aspx By William Jackson GCN.com June 22, 2010 It might sound like heresy, but information sharing is overrated, said Tony Sager of the National Security Agency. IT security officials already are overloaded with information, Sager said. As chief of the vulnerability analysis and operations group in NSA's Information Assurance Directorate, which runs Red Team penetration tests, Sager has generated his share of security information over the past 33 years. But that data often contributes little to improving the security of government IT systems, he said Tuesday at the Symantec Government Symposium on IT security in Washington. "Dumping our inboxes at each other is not going to cut it," Sager said. "Being at the right meeting is not going to do it. The key to success in IT security is information management." E-mail exchanges and meeting attendance don't scale, he noted; an agency official can't increase them indefinitely as the demand rises. Information management means getting the right information into the hands of those who need it. That requires not data dumps, but standards for tools that can analyze data and make it available irrespective of its source; standards such as the Security Content Automation Protocol, jointly developed by the NSA, the National Institute of Standards and Technology and the private sector. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Tue Jun 22 2010 - 22:48:48 PDT
This archive was generated by hypermail 2.2.0 : Tue Jun 22 2010 - 22:56:36 PDT