TWCERT/CC

Subscribers of TWCERT/CC Newsletter

Service Awareness and Usage Rate

Service usage rate and service awareness rank the services in the same order; "newsletter subscriber – TWCERT alliance member" had a higher usage rate across the various services. This suggests that alliance members are closer stakeholders who interact frequently with TWCERT/CC.

| Service | Newsletter subscriber TWCERT alliance member (n=136) | Newsletter subscriber with information security department (n=327) | Newsletter subscriber without information security department (n=103) |
|---|---|---|---|
| Information security information sharing | 95.6% | 93.0% | 87.4% |
| Information security event notification | 94.1% | 88.1% | 85.4% |
| Information security awareness promotion | 84.6% | 80.4% | 76.7% |
| Product vulnerability notification | 74.3% | 67.3% | 52.4% |
| Malicious file detection service | 53.7% | 48.9% | 46.6% |
| Network phishing notification | 51.5% | 48.0% | 41.7% |
| Don’t know/did not use | 0.7% | 1.8% | 6.8% |

Source: Online Survey (2020)

| Service | Newsletter subscriber TWCERT alliance member (n=135) | Newsletter subscriber with information security department (n=321) | Newsletter subscriber without information security department (n=96) |
|---|---|---|---|
| Information security information sharing | 77.0% | 55.1% | 37.5% |
| Information security event notification | 57.8% | 40.2% | 31.3% |
| Information security awareness promotion | 48.1% | 35.5% | 29.2% |
| Product vulnerability notification | 32.6% | 22.4% | 19.8% |
| Malicious file detection service | 18.5% | 15.0% | 16.7% |
| Network phishing notification | 14.1% | 10.0% | 7.3% |
| Don’t know/did not use | 7.4% | 24.9% | 41.7% |

Source: Online Survey (2020)

Evaluation of the Overall Satisfaction and Value Perceptions

Among the service values, "information security information sharing" was rated "very helpful" by 32.2% and "helpful" by 57.2%. Approximately 30% rated "information security event notification" and "information security awareness promotion" as "very helpful" and about 55% rated them as "helpful." Over 25% rated "product vulnerability notification" and "network phishing notification" as "very helpful" and approximately 50% rated them as "helpful." 23.7% rated "malicious file detection service" as "very helpful" and 46.2% rated it as "helpful."

[Figure panels: Information Security Information Sharing; Information Security Event Notification; Information Security Awareness Promotion; Malicious File Detection Service; Product Vulnerability Notification; Network Phishing Notification]

n=566
Source: Online Survey (2020)

20% of the respondents were satisfied with the overall service quality from TWCERT/CC; approximately 50% thought that the service quality from TWCERT/CC was good. 20% indicated that the technical support was very good and 47.3% gave a "good" evaluation. The satisfaction level of the service quality last year was 74.3% and this year it slightly increased by 0.7% with a satisfaction level of 74.9%. The satisfaction level for technical support this year was 69.6%, which increased by 1.5% compared to last year’s 68.1%.

For the evaluation of trust in TWCERT/CC, 31.6% of the respondents "totally agree" that they trust TWCERT/CC and 52.5% "agree." As for the evaluation of service value, over 30% "totally agree" that the services provided by TWCERT/CC are valuable and 55.1% "agree." The level of trust last year was 81.0%; this year it increased by 3.1% and reached 84.1% of positive trust. The service value experience increased by 4.8% from last year’s 81.6%; the service value experience for this year was 86.4%.

[Figure panels: Service quality; Technical support; Trust to TWNIC; Value of TWNIC service]

n=566
Source: Online Survey (2020)

[Figure panels: Service quality; Technical support; Trust to TWNIC; Value of TWNIC service]

n=501
Source: Online Survey (2019)

Participation in Events and Expectations and Preferences

Almost 90% of respondents hope that they can "download forum or course content briefings" from TWCERT/CC forum conferences or educational training contents, 68.6% wish that they can "add Chinese lecturers or real-time translation services", and 33% wish that they can "invite more foreign lecturers."

n=566
Source: Online Survey (2020)

Information Service

26.7% of the respondents always pay attention to information released by TWCERT/CC, 40% frequently pay attention and 29.5% only sometimes pay attention.

n=566
Source: Online Survey (2020)

Among the network issues that respondents wish to further understand, "information security / network security" had the highest ratio at 95%. Others include "innovative technology issues (such as 5G, IoT and AI)" and "network development trends" where approximately 60%-70% of the respondents were interested in them.

n=458
Source: Online Survey (2020)

Expectations and Recommendations

Respondents wish that TWNIC or TWCERT/CC would provide more "new information security information knowledge sharing and solutions" (10.6%), for example: "through the regional network center, we learned that your unit has many information on information security and blacklists; we wish that you can provide them and share them" and "we hope that you can bring everybody information security related issues and information intermittently." Another 10.4% mentioned "increasing the number of lectures/courses/seminars/trainings," for example: "we hope that you can provide SMEs with more information security courses and information" and "provide online seminars, free lectures and training courses, and information security promotional videos for us to download."

n=458
Source: Online Survey (2020)

Taiwan CERT/CSIRT Alliance

Affirmed Information Sharing, Expecting Fast and In-Depth Contents

Alliance members think that information sharing is the most helpful service item; information on information security is diverse and updated rapidly. Private enterprises might not necessarily have dedicated information security teams that can help collect information; therefore, regular sharing of information is very useful.

I think information sharing is most direct; we all work on information security here, and we usually only know about big events. But TWCERT/CC allows us to know what’s going on, and this is quite useful to us; we can learn about different situations that different industries encountered.

Beyond the continued provision of information sharing, the alliance members also thought that TWCERT/CC provides a lot of information that covers a sufficient range and pays attention to the technical aspects. But they also wish that in the future TWCERT/CC could have better control of timeliness and perform further analysis on the information, so that it not only achieves preventive effects but can also be used as topics for educational training.

So it would be better if they extended on the information; for example, they can learn which domain was attacked more. They should perform some analyses on the information they accumulated and then hold educational training to share these vulnerabilities.

Stakeholders also mentioned that they wish that information related to domestic information security can be added because it would help meet actual market needs and raise the awareness of domestic information security dangers.

For example, we visit TWCERT/CC websites to read news on information security, but most of them seem to be foreign news and some people will feel that we are lucky because these foreign countries are far away from us. It would be better if there were more domestic news.

Simple and Convenient Introductions with Progress Report Notification Added

Although not all alliance members have used the notification services, those who have think that the notification method was convenient and easy; however, they wish that the communication after notification can be improved. They wish that they can receive progress reports after notification instead of the service ending when the notification is completed. Even if the processing of the reported incident has not been completed yet, the informant should at least be told about the acceptance progress of the incident. It was suggested that interactive feedback methods should be added after notification in the future to actively notify the informant of the progress, or provide open searches. This way the informant will have a better understanding of the progress in the future and will be more willing to submit notifications.

My experience on the notification process was easy; you can just fill in the form online, or I can just send them email to notify them of issues on their software. It was quite easy. However, sometimes I need to ask them to follow-up afterwards.

Cultivate Awareness for Active Notification and Provide Incentives to Collect Information

For the promotion of notification services, they mainly wish that awareness of active notification can be cultivated. According to the experiences of alliance members, there are usually two situations when it comes to active notification in private enterprises. One is when an incident has already happened and the enterprise is unable to handle it; only then, when it needs help, is the enterprise willing to notify. The second is that they file notifications as records, just like how police keep records of cases, and they don’t really need help.

Therefore, when it comes to active notification in the future, awareness of the notification service and trust in the notification unit need to be communicated continuously; in addition, when incidents happen, help with detection or consultation services can be provided to increase interactions with enterprises and strengthen their trust in the notification process. The notification process should be made transparent, the role of legal adviser should be added, and notifications should be made into legally effective reporting processes so that notifications must be performed even if enterprises do not need help.

Sometimes business owners will make notifications just because they want you to perform free tests or services for them. They usually need this when something already happened, or when they received scam calls. The other type is like filing cases at police stations; they just want to keep the record for the case but they don’t actually need help.

In addition to increasing the willingness of private enterprises to send notifications actively, calling for loophole notifications from third parties is another method. For example, alliance operations mentioned practices used in other countries; TWCERT/CC can provide resources for notification rewards to attract third-party units such as white-hat hackers to collect information security loopholes and share them with TWCERT/CC.

Currently, TWCERT/CC is a great medium; it can collect great information from other countries, or have domestic units collect information on loopholes that other people found. If you report it to other countries, you can receive money rewards, but not in Taiwan. There are no information security consulting or technical resources.

Great Response from Events and Educational Training, Expecting More Events and Case-Sharing

Alliance members gave positive evaluations for event hosting and educational training; the reasons include useful content, not being about conducting business, good lecturer arrangements and being free of charge. They all hope that this can continue in the future and that the number of sessions can increase.

I couldn’t really give suggestions for the educational training because they’ve actually done great jobs; the lecturers they invited are also well-known in the industry. My initial response is that they’ve done very well and I hope that they can keep hosting these events.

Their suggestion for the content was that industries could also share actual cases, because technical courses are more common and there are many similar lectures everywhere. Also, because TWCERT/CC has a neutral role, enterprises will be more willing to share actual cases when TWCERT/CC invites them. However, the timeliness of the sharing must be controlled to increase its reference value. Themes can also be set with the targets of the educational training in mind: learn about their information security level or technical capability before the event to maximize the benefits of the educational training.

What seems to be appealing is the sharing of actual cases; but they usually do that once a year or once every six months, and the cases might be time-sensitive, so their reference values were no longer that great.

I think the training should be divided into different levels; this will make it easier for lecturers to prepare and the audience would not have that much trouble listening. But since they don’t have many courses right now, dividing them into different levels might be a bit strange too.

Good Use of Third-Party Roles to Increase Exchanges and Interactions in the Industry

For suggestions on future developments, alliance members think that work with private enterprises can develop in two directions, internally and externally. Externally, TWCERT/CC can make good use of its third-party neutral role and work as a bridge in the industry, giving industries opportunities to share their experiences, increase mutual cooperation and exchange information. Internally, an information security guideline should be formulated for private enterprises to use as reference. Since enterprises might not necessarily know about the risks or demands for information security within the enterprise, they usually have internal support in order to implement information security protection. If TWCERT/CC can provide industrial specifications as a reference, not only will this help increase people’s awareness of TWCERT/CC, it can also help industries improve information security literacy.

TWCERT/CC should host events and bring information security companies together to share experiences they encountered; they can achieve this with the third-party role that they play. Cooperation and exchanges will allow everybody to grow together.

Copyright© Taiwan Network Information Center