October 15, 2002 — CIO —
Stanley "Stash" Jarocki doesn’t act like the agreement he recently signed with the FBI’s National Infrastructure Protection Center (NIPC) is a big deal. "It’s a prenuptial, nothing exotic," says Jarocki, chairman of the Financial Services Information Sharing and Analysis Center (ISAC) and vice president of information security engineering at Morgan Stanley.
But, in fact, it’s a huge deal. With the memorandum of understanding Jarocki signed last June, the ISAC, which was formed in 1999 to give financial companies a place to exchange information about security threats out of earshot of regulators and law enforcement, has agreed to talk at least once a week to the NIPC, a law enforcement coordination agency.
So what caused the change of heart? Jarocki says it’s because Ron Dick, head of the NIPC, is placing the agency’s emphasis on preventing crime rather than on catching perpetrators. "Now if I call Ron’s people up and say I’ve got a problem, I’m not necessarily going to have a guy with a gun and badge here tomorrow," says Jarocki. "He’s changed things. I’ll get a [computer] analyst before I get a criminal investigator." The NIPC has also offered the ISAC something in return for the information it shares about security threats such as unknown viruses or new kinds of attacks on firewalls: expertise in computer forensics and data analysis.
The agreement is good news for Dick. "When it was first created, the Financial Services ISAC indicated that it would share information amongst its members and receive information from the government but found it highly unlikely that they would ever share information back to the government," says Dick. "We have been able to demonstrate that we can protect that information, so certain sectors like the financial services sector have seen the value-added associated with two-way information sharing." For instance, last winter the NIPC briefed the ISAC on a newly discovered vulnerability in the common Simple Network Management Protocol (SNMP). Once the vulnerability became public, the ISAC stayed in touch about attacks on SNMP-based hardware and software.
Not that the ISAC members are ready to tell the government all. When members report security incidents to the ISAC, the report is stripped of identifying details, first by a software "scrubber" that erases trademarks, acronyms and other identifying strings based on lists provided by members, and then by a human reviewer. Even so, Jarocki says companies are nervous enough about inadvertently revealing weaknesses that they will refuse to share some kinds of information, such as diagrams of network architecture, until they’re convinced that the information could not be obtained through a request under the Freedom of Information Act (FOIA). (See "Fact, Fiction and FOIA," Page 65.)
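As an added illustration, not code from the article or from the ISAC, here is a list-driven first-pass scrubber of the kind the article describes: it replaces each member-supplied identifier with a stable placeholder and hands the reviewer a mapping of what was removed. The member names, acronyms and report text are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: one member's list of identifying strings (hypothetical names).
MEMBER_SCRUB_LIST = ["Example Savings Bank", "ESB", "ESBNet", "BranchLink"]

# Constructed sample incident report, as a member might submit it to the ISAC.
SAMPLE_REPORT = (
    "Example Savings Bank saw repeated SNMP sweeps against its ESBNet routers. "
    "The esb security team blocked the source; BranchLink was not affected."
)


def build_pattern(terms: List[str]) -> re.Pattern:
    """Compile one alternation, longest term first so 'ESBNet' is never cut into 'ESB' + 'Net'."""
    ordered = sorted(set(terms), key=len, reverse=True)
    alternation = "|".join(re.escape(t) for t in ordered)
    # (?<!\w) / (?!\w) keep a short acronym from matching inside a longer unrelated word.
    return re.compile(rf"(?<!\w)(?:{alternation})(?!\w)", re.IGNORECASE)


def scrub(report: str, terms: List[str]) -> Tuple[str, Dict[str, str]]:
    """Replace every listed identifier with a placeholder that is stable within one report.

    Returns the scrubbed text and the identifier-to-placeholder mapping, which is what the
    human second pass (described in the article) needs in order to check the automated pass.
    """
    pattern = build_pattern(terms)
    canonical = {t.lower(): t for t in terms}  # map case-insensitive hits back to the list entry
    placeholders: Dict[str, str] = {}

    def repl(match: re.Match) -> str:
        key = canonical[match.group(0).lower()]
        if key not in placeholders:
            placeholders[key] = f"[IDENT-{len(placeholders) + 1}]"
        return placeholders[key]

    return pattern.sub(repl, report), placeholders


if __name__ == "__main__":
    cleaned, removed = scrub(SAMPLE_REPORT, MEMBER_SCRUB_LIST)
    print(cleaned)
    for original, placeholder in removed.items():
        print(f"{placeholder} <- {original}")
```

The same identifier always maps to the same placeholder, so analysts can still correlate events within a report without learning which member submitted it.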