By Kelly Jackson Higgins
March 16, 2010
The Operation Aurora attacks that hit Google, Adobe, Intel, and other
U.S. companies were not only a wake-up call for businesses in denial
about persistent targeted attacks and cyberespionage, but they also have
forced the chief information security officer (CISO) to step out of the
corporate confines and reach out to peers at other organizations.
Some CISOs, such as members of the Bay Area CSO Council -- whose members
arguably were one of the worst-hit by Aurora -- had already been
confidentially sharing various types of attack information among one
another long before Aurora. Gary Terrell, president of the council and
CISO at Adobe, says the CISO's job has mostly been about governance,
risk, compliance, and some operational aspects. "It was sometimes
associated with incident response. Now it's becoming more [associated]
with incident response and will be into the future," says Terrell, who was
speaking on behalf of the council.
Terrell says the CISO's role is moving toward engagement: "In the past,
the CISO had more of a technical role. Now the CISO has to understand
legal and privacy issues and how to engage outside the company to gather
intelligence, like with the Bay Area CSO Council," he says. "The CISO
has to understand emerging markets if with an international company" and
any associated threats in specific regions, he says.
The Bay Area CSO Council serves as a vehicle for CISOs to safely and
securely share their attack experiences. When an advanced persistent
threat (APT) attack occurs, many members are on the phone with one
another three times a week rather than for just their regular monthly
teleconferences. "[This is] just to get information flowing faster. They
are putting together artifacts, and they are shared across [the
members]," Terrell says. "They are able to collect a huge number of
artifacts that helps them take this back into their detection and
defense mechanisms," including intrusion prevention system (IPS)
signatures, for example, he says.