Information Sharing and Analysis Centers (ISACs) are a very critical tool in case of targeted attacks . The methodology of the attack can be shared to that other organizations can verify their systems for similar compromise or improve their preventive controls to avoid compromise. We have organizations like ISSA , OWASP and ISACA but their role today is not the kind of detailed information an ISAC could provide. This is why I was quite happy when I saw the following article from Datanews (translated for you):
All banks will soon be connected to a computersystem with which they can rapidly alert other banks in case of fraud. This should be a solution to the coordinated attacks seen on Belgian internet bank accounts says "De Tijd".
The warnings will be anonymous so that other banks won't know which competitor was the victim.
According to Reynders, up till now, there are only 59 known cases of compromised online accounts of which 34 were during last year. In other countries, these figures are a lot higher.
I would say, kudos for this initiative. I would like to see this expand (or created) for other sectors and companies as well. Maybe a real national Belgian CERT (which we lack at the moment)?
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment