A CISO primer for threat information sharing specifications

Threat information sharing is becoming the new infosec pro buzz phrase, in part because President Barak Obama is encouraging the public and private sector to let not only government agencies but also competitors know of threats being discovered.

Aside from the legal problems of sharing certain information — CISOs have to be careful in making allegations against particular individuals or Web sites — there’s the problem of the format.

A number of specifications have emerged including CybOX (Cyber Observable eXpression), STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information),

In a recent blog IBM’s Doug Franklin explains what these and others are and why CISOs should pay attention to them.

Support for these and other standards being added to a number of security products so they can link to security management software, as well as to threat repositories. (see this site for those supporting STIX and TAXII)

The U.S.-based Health Information Trust Alliance’s cyber threat exchange uses STIX to automate collecting and analyzing cyber threats and distributing actionable indicators to customers.

Among vendors, McAfee’s Advanced Threat Defense software sends CybOX STIX-formatted indicator of compromise artifacts to its Enterprise Security Manager for action.

Unfortunately, there isn’t an internationally-accepted standard, which would help make threat information sharing smoother. But as Hamilton points out until we get to that time these will have to do.

“Attackers have been painfully successful lately,” writes Franklin, “and we defenders must up our game. Threat intelligence sharing can help us do that.”

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web