What is an Information Sharing and Analysis Organization (ISAO)?
With malware, ransomware, and cyberattacks becoming more frequent and sophisticated, organizations saw a need for access to the latest intelligence to defend their data from threats. To meet that need, the Obama Administration issued a 2015 Executive Order directing the Department of Homeland Security (DHS) to create the Information Sharing and Analysis Organization Standards Organization. The ISAO SO develops best practice standards and guidelines for ISAOs to protect against cyber threats.
An ISAO is a community of businesses and organizations that work together for the safety of their specific industry and the global economy. They gather data about cybersecurity threats and share it with their members to raise awareness and provide actionable information to help reduce the risk of attack.
Why Are ISAO's Important?
For starters, IT professionals have the advantage of not being alone in the cybersecurity battle. Secondly, information is power, especially when it comes to cybersecurity. By exchanging cyber threat information, organizations leverage their collective knowledge and make more informed decisions. Lastly, the information sharing facilitated by ISAOs helps organizations respond more quickly to attacks and prevent disruptions, which slows a cyberattack's ability to spread.
What Does Information from an ISAO Look Like?
One important responsibility of an ISAO is to take threat information and match it to the profile of each organization member to send them relevant alerts. Members get alerts through various channels, including email. They can also log in to the ISAO’s website and access a forum where they can share threat information, coordinate response efforts, and ask questions within a community of industry experts to help them thwart data breaches. Specific information a member might receive could include cybersecurity trend reports, targeted alerts based on a member’s industry, and research from other members.
How Do ISAOs Differ From ISACs?
Information Sharing and Analysis Centers (ISACs) are nonprofit organizations that gather information on cyber threats and cybercriminal activities and share them with critical infrastructures. They also provide two-way sharing of information between the private and public sector. Many ISACs come with membership fees and have dedicated security operation centers for monitoring cyber threats on a global scale.
Much like an ISAC, an ISAO shares information security data between public and private sectors, but the ISAC focuses solely on vulnerabilities in industries that are considered critical infrastructures—such as healthcare, automotive, manufacturing, and information technology—while an ISAO works with communities of interest or membership organizations.
What is Threat Intelligence and How Does It Play a Role in ISAO?
Threat intelligence is information that helps organizations identify and protect computer systems and networks against cyber threats. The role of an ISAO is to assess vulnerabilities and create threat intelligence reports that provide detailed information about a particular attack. These reports provide context such as who’s attacking, what their motives and capabilities are, and what threat indicators to look for. All of this information helps IT and cybersecurity teams make more informed decisions.
If working with organizations to protect their data sounds like an exciting career field, getting an online bachelor’s degree in IT or cybersecurity from WGU will help you get the computer experience and skills you need to get started.