Have you ever considered writing cybersecurity related articles, but never seem to find the time? The Information Sharing and Analysis Organization Standards Organization (ISAO SO) is looking for new Working Group (WG) members willing to share their knowledge with our growing ecosystem. The members are busy developing the next set of future documents, so stay tuned for a new production schedule with details on yet more documents being published before the end of the year.
Want to learn more about us? The ISAO SO is a non-governmental organization established October 1, 2015, and led by the University of Texas at San Antonio (UTSA) with support from LMI, and the Retail-Cyber Intelligence Sharing Center (R-CISC). The organization works to improve the Nation’s cybersecurity posture by writing guidelines for robust and effective information sharing related to cybersecurity risks/incidents and cybersecurity best practices. We work with existing information sharing organizations, owners and operators of critical infrastructure, government agencies, and other public and private sector stakeholders through a voluntary consensus standards development process to identify a common set of voluntary standards for the creation and functioning of ISAOs. The core developers are volunteers from across the cybersecurity spectrum who bring their knowledge and passion to serve the greater good.
Interested in being a part of our community? Please fill out the application located on the Join a Working Group page. Want to ask questions about some of the documents currently in development? Feel free to Contact Us and a member of the ISAO SO support team will reply.
There are currently seven working groups developing guidelines:
WG1 ISAO Creation
Identify and capture the elements necessary for an interested organization to stand up an ISAO. These elements will serve as the basis for creating an ISAO and will have enough flexibility in design to fit the needs of diverse interested organizations.
WG2 ISAO Capabilities & Services
Identify and capture the capabilities necessary for an interested organization to effectively operate an ISAO. These capabilities will support day-to-day operation of the ISAO and support its main function: to share and receive cyber information in a timely and effective manner. Capabilities must allow for the most basic ISAO and also support more sophisticated organizations.
WG3 Information Sharing
Identify and capture the types of information, techniques, considerations, architecture and methods necessary for an interested organization to effectively share cyber information such as threat indicators, vulnerabilities, and best practices within an ISAO or externally.
WG4 Privacy and Security
Identify and capture the steps required to safeguard proprietary and privacy related information. Detail the processes and procedures needed to prevent unauthorized access to or release of information. Address how to meet federal, state, local, and tribal laws regarding privacy.
WG5 International Sharing
Provide ISAOs with the knowledge required to make informed decisions regarding the sharing of cybersecurity information across national borders and the addition of international members. Discuss and address the advantages, obstacles, and global restrictions that may impact how ISAOs operate.
This working group will identify and address issues associated with ISAO interactions with the intelligence community, law enforcement, U.S. regulators, and Homeland Security. Role at Federal, State, Tribal and Local levels; identify obstacles, incentives, privacy laws, trust, policies, law and regulations, and agency resources.
Identify and address methods and associated issues regarding analyzing indicators with respect to Information Sharing and Analysis Organizations. Requirement development, information cycle, processes, evaluating, and reporting of cybersecurity information and threat intelligence.