For a long time cyber security experts have prescribed Information Sharing as an important practice and apparently the Government talked about this in 2006 <WOW> They call it an Information Sharing and Analysis Center (ISAC) but who is sharing and who is not!
Now in 2016, some one or the other keeps talking about it, and people have started using terms like STIX and TAXII along with. I wonder if these same people who act, talk and blow hot air like they are InfoSharing experts have ever seen this in use. Or ever seen an ISAC platform.
(I haven’t)
Like 5 years back at a couple of big bank CISOs had said that there is a Fin-ISAC that has been setup in India under IBA or what. I asked if I can come see it and was told it is “secret” and cannot be shared I came away supposedly impressed by their professionalism. Cut to November 2016, an ex-consultant of a big-4 audit firm was waxing eloquent about STIX and TAXII and the need for Information Sharing. He said that an ISAC is being set up by IBBA/IDRBT and I was mentally LMFAO. Hot damn.. the CISO said it was operational in the year 2011 and in 2016 it is being setup…. WTF.
When will some of these folks stop lying !
This article will be updated later, so if you please leave your contact information below as a comment you will get an update in a day or two.
Very relevant. We need some action on this.