Security practitioners also noted privacy protections are important and should be respected as part of any information sharing process.
IT security pros need to share non-personal information such as the IP addresses used to launch targeted attacks, the addresses of command and control servers used to control botnets, or the indicators of a data breach or new malware program.
Such information can help companies and government agencies prepare stronger cyber defenses and gain a better understanding of emerging threats, said Wade Williamson, a senior security analyst at Palo Alto Networks.
The anti-virus industry has benefited substantially from sharing malware information with each other, Williamson said. But the industry lacks a standardized way to share compromise indicators and other information in a privacy-friendly manner, he said.
"Sharing threat intelligence and information on newly discovered attack techniques observed by other organizations and leveraging that information to improve and inform is of tremendous value," said Amit Yoran, general manager of the security management and compliance unit at RSA.
That task would require very detailed information on what is being shared, how it is being shared, with whom it is being shared and why. Organizations need to be able to describe clearly any information sharing process and how it could defend their organization against attacks, he noted.