Form an Information Sharing and Analysis Organization!
Information Sharing and Analysis Organizations (ISAOs) are emerging across society. ISAOs are promoted by Executive Order 13691 and the Department of Homeland Security, and aided by the Cybersecurity Information Sharing Act of 2015 (CISA). It is national policy and strategy to engage in cyber threat information sharing to improve the nation’s resilience and preparedness for cyber-attacks. The ISAO Standards Organization has promulgated best practices and guidance concerning ISAO activities, including a call to governments at all levels to “enable, partner and support” the activities of private sector ISAOs. And, the National Cyber Incident Response Plan (NCIRP) takes an approach that incorporates the private sector in the national plan for addressing cyber-attacks.
Here are some types of services that ISAOs perform for their communities:
- Hold business round-tables to inform corporate decision-makers on risks
- Establish training programs for operational information technology professionals on threat hunting
- Set up and administer a Threat Intelligence Platform (TIP)
- Plan a Social Media Strategy for outreach to other community members
- Identify local professionals that provide specialized services for network and computer defense
- Online Tutorials
Here are some Toolkit Resources you can use for your Community:
- Threat Intelligence Resources
- Selecting a Threat Intelligence Platform