A growing trend in industry, from a security perspective, is to share informa-tion with the competition in an effort to learn from other’s mishaps and share some of your own.
Given the recent events, especially The Royal Bank’s experience with a computer glitch and subsequent phishing attempts targeting its customers, it was an especially timely topic at the recent Infosecurity Canada conference in Toronto.
Robert Garigue, chief information security officer with the BMO Financial Group, has been involved in setting up information sharing groups for years, dating back to his time with the Department of Defense and its information warfare group. “Interesting enough there were some hurdles sharing information within the intelligence community,” he said during a panel discussion at the conference. “There were a lot of issues around trust.”
In his present and previous role, as chief information officer with the Manitoba government, Garigue said the sailing is much smoother. Getting the various provincial CIOs to share information “worked extremely well;” as is the case with Canadian bank security officers. Garigue wondered aloud what it was about his last two experiences “that the social dynamic worked so well.”
Jim Robbins, CEO of Can-CERT, said success is often dictated if there is a “trusted third party” involved which can act as a sounding board and anonymize some of the problems so participants are more likely to come forward. Can-CERT has a weekly security conference call for the tele