Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Categories
Articles

The Human Side of Information Sharing

There are quite a few talks at the FIRST conference this week about getting computers to automatically receive, process and distribute information about security events. However I was particularly interested in a session on the human issues that need to accompany any such information exchange.

Organisations, which ultimately means individuals, need to trust one another before information exchange can be effective. Providers of what may well be sensitive information need to trust that the recipients won’t misuse it; and recipients need to trust that providers have gathered and analysed the information accurately so they don’t feel the need to redo all the analysis and duplicate the providers’ efforts. Although anonymity is sometimes suggested as a way to start building trust, it was suggested that this actually produces a slower build-up of trust than if individuals know who is providing the information and who is using it. Instead, a trusted exchange may be easier to establish if it is (initially, at least) narrowly focussed on a common problem that all participants want to solve.

Even a collaboration towards a specific goal is likely to need support to establish and build trust. Using (and abiding by) a clear set of rules on how information may be shared is probably the best known tool. Non-Disclosure Agreements are one possibility, and may be needed if there are legal concerns about sharing, but can be too rigid. The ability to attach distribution rules to individual items using the Information Sharing Traffic Light Protocol may be sufficient to give providers confidence. A good complement to this is to let the provider of information see who has accessed it, both so that breaches of the rules are visible and, I would imagine, to encourage providers that others found their input useful. Having too many passive consumers (“lurkers” or “sinks”) in any information sharing partnership is unhelpful – if hosts can actively seek these out to find out what is preventing them contributing then this can increase both information flow and trust.

On the information consumer side it was suggested that one of the most useful, but also scarce, resources for any information sharing partnership is someone who can ask the right questions, prompting others to look at, and share, their own information in a new light. Having frequently said myself that sharing needs everyone to contribute,  it strikes me that insightful questions might themselves be a significant contribution justifying an individual’s and an organisation’s participation. Recipients of information also need to trust the providers, especially if they are going to make technical or business decisions on the basis of the information they receive. That needs a high level of confidence in others’ human and technical abilities, which may well only be possible if organisations share not only their information, but knowledge of how it is gathered and used.

The goal of an effective information sharing partnership was nicely summarised: computers share data, humans share insights and questions.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *