ISACA: How Law Could Spur Info Sharing
Encouraging More Retailers to Share Cyberthreat Data
While cyberthreat information sharing within the banking sector has improved in recent months, other sectors involved in financial services, such as retail, have failed to keep up, says Robert Stroud, who served as ISACA's international president for a one-year term that ended June 8. ISACA is a global association of IT, security, risk and privacy professionals.
Passage of federal legislation that would encourage businesses to voluntarily share cyberthreat information with the federal government and each other could play an important role in spurring broader information sharing, Stroud says in this interview with Information Security Media Group. Pending legislation would, among other things, establish processes for liability protection for those sharing information.
The House in April passed cyberthreat information sharing legislation, and it's now the Senate's turn to act (see House Passes Cyberthreat Info-Sharing Bill). Many financial services experts are anxious to see if such legislation could lead to more merchants getting involved in cyberthreat-intelligence sharing, Stroud says.
"Many organizations, including [those in] the retail sector, are involved in financial transactions," Stroud says. "So one of the discussions that's in the industry at the moment is, 'Do we need to extend it [information sharing] to anybody involved in the payments transaction chain?'"
Each point along a financial transaction poses potential risks, Stroud says. And if more cyberthreat information is shared among banks and merchants, security will be enhanced, he contends.
Legislative Review
ISACA recently evaluated legislative proposals in a white paper, "U.S. House Passes Cybersecurity Information Sharing Legislation."
Stroud is hopeful Congress will take action on information sharing legislation soon to help bolster cybercrime-fighting efforts in the financial services arena.
During this interview, Stroud discusses:
- Global information sharing legislation from which the U.S. could learn;
- Why cyberthreat information sharing must extend beyond banks and credit unions; and
- How the government is working to address privacy and liability concerns surrounding information sharing.
In addition to serving as ISACA's immediate past president, Stroud also is a member of ISACA's Strategic Advisory Council. And as past international vice president of ISACA, he also serves on its framework committee. He is a governance evangelist as well as vice president of strategy, innovation and service management at CA Technologies. ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.