

Trusted Sharing Service


The following sections describe the stages required to develop, provide and operate the WARP Trusted Sharing service. An introduction to the service is also provided together with a description of the infrastructure required. Select a section from the following table to proceed:

  1. Introduction

  2. Service development

  3. Service operation


1. Introduction

The Trusted Sharing service creates a trusted environment to facilitate the sharing of sensitive information, such as incident or threat data. WARP members must have confidence that any information they share will not cause them harm or embarrassment; otherwise they may not be inclined to share information at all. Sharing sensitive information makes members aware of information that enables them to take timely preventative action, benefiting from other members' experience. Just one timely early warning of a major incident would more than justify any costs of WARP membership.

This service delivers the 'Reporting' part of the Warning, Advice and Reporting Point.

 

The following report, conducted by IAAC and commissioned by NISCC at the time, provides background on how WARPs compare and relate to Trusted Sharing initiatives around the world.

Sharing is Protecting - IAAC in partnership with NISCC (October 2003) [PDF]

 



2. Service development

Trusted sharing relies heavily on procedures, which have to be developed to ensure that sensitive information is anonymised and only distributed in the correct form. It is important to ensure data is collected in a consistent manner to allow for the creation of statistics, the searching of historic data, and to facilitate distribution via the Filtered Warnings Service. The following form gives a good example of the kind of data that should be collected by a Trusted Sharing Service; WARP member reports are entered on this form by the WARP operator:

Incident reporting form for a WARP Trusted Sharing Service (V1.0 May 2004) [PDF] [Word]



3. Service operation

Reporting can be achieved via the telephone, email or face-to-face dialogue, with appropriate security safeguards as outlined in each WARP's security policy. In all cases an incident reporting form should be provided to help members contribute the required information.

Where anonymity is required, the identity of the reporting member will be known only to the named individuals working for the WARP provider, and will be controlled within the terms of a membership agreement or an information sharing agreement, which might be bilateral with each member.

The information reported will be analysed, checked to ensure anonymity, and then shared with other WARP members using either the Filtered Warnings Service, or another dissemination route. The WARP operator will facilitate any ensuing dialogue to ensure that the information is used by members to maximum advantage while safeguarding the interests of the reporting member under the terms of the agreements.

When duly sanitised and anonymised, such incident information may also be passed to other WARPs with whom a trusted relationship exists, and to CPNI, for collating and monitoring national trends.

The following case study describes how the Mid Yorkshire Chamber (MYCCI) WARP operator was able to help warn WARP members of a specific telecommunications-related fraud as part of the MYSWARP Trusted Sharing service. Using the peer-to-peer sharing capabilities of FWA, this was also shared with other WARPs.

Case study - Mid Yorkshire Chamber Trusted Sharing (V1.1 December 2006) [PDF]

 



Building trust

For a WARP to be successful, it must create trust among its community members, as well as trust with the WARP Operator, if sharing of sensitive information such as incident data is going to happen. Trust is built between people and has been the subject of some research, but little has been done in the context of identifying what trust factors affect a person's ability to share information. The following document describes the findings from research conducted in the UK, supported by CPNI, into the social-psychological factors influencing the sharing of cyber threat information.

Analysis of detailed interviews with a rich variety of security professionals, spread over one year, yielded insights into both the influences and the mental processes involved. Trust, ability, empowerment and professional confidence are key factors. The influences of expectations, reputation and perceptions of others were also identified as important. This research has led to the development of practical techniques for nurturing the sharing of sensitive information between organisations.

Why would I tell you? (V0.3 February 2006) [PDF]

The following workbook gives you an opportunity to raise your self-awareness in relation to sharing sensitive information. By sensitive, we mean information which carries an element of risk to you as a person but could benefit another. It is based on a Sharing Cultural Assessment (SCA) model which came from research conducted among a number of sharing forums in the UK, as described above.

Sharing Cultural Assessment Workbook (V2.0 October 2006) [PDF] [Word]

At the WARP Annual Forum 2007, a workshop was held on how to use this Cultural Assessment Workbook with a group of people, using a set of cards. This group approach may be more beneficial in some situations than an individual approach, and therefore these cards and instructions are reproduced in the following documents for others to use.

WARP SCA cards (V1.0 March 2007) [PDF]

SCA Card instructions (V1.0 March 2007) [PDF]

The original research report titled 'Why would I tell you? - Perceived Influences for Disclosure Decisions by Senior Professionals in Inter Organisation Sharing Forums' is reproduced below with kind permission of the author.

Why would I tell you? - research report (V1.0 August 2005) [PDF]

 

Next step - Marketing provides a large quantity of marketing material which can be downloaded and re-used.

 




© Crown copyright 2004
Published : 13-Nov-2008