ISAO Standards Organization Releases Initial Voluntary Guidelines for ISAOs

San Antonio, TX—The Information Sharing and Analysis Organization Standards Organization (ISAO SO) published four initial voluntary guideline documents today on isao.org. These publications were developed with the support of over 160 industry experts in response to Presidential Executive Order 13691 to provide guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices. The initial documents published today include:

“The information sharing ecosystem takes a big step forward with today’s publications,” explained Dr. Greg White, Executive Director of the ISAO SO. “The ISAO SO, supported by a dedicated cadre of volunteers, aims to grow the information sharing community and equip it with the tools needed to improve the cybersecurity posture of all communities of interest across the nation. The publication of these documents represents the collaboration of over 160 experts from industry, government, and academia, combined with the input and feedback of the public.”

The ISAO SO, led by the University of Texas at San Antonio (UTSA) with support from LMI and R-CISC, is a non-governmental organization established in October 2015 to facilitate the implementation of Presidential Executive Order 13691, “Promoting Private Sector Cybersecurity Information Sharing.” The ISAO SO created working groups composed of industry, government and academic experts to lead the development of the guidelines published today.

“Today’s publications provide the cornerstones to build out an information sharing ecosystem at unprecedented scale,” said Rick Lipsey, Deputy Director of the ISAO SO. “However, they are just the beginning. The ISAO SO is helping the community to evolve a consensus-based corporate body of knowledge. We anticipate updating and expanding these guidelines based on feedback from their implementation. The ISAO Series will evolve in the coming months to serve the community with additional publications that will allow all organizations and individuals to better defend themselves against emerging cyber threats.”

Public feedback was vital to the creation of these publications. Working Groups received comments and feedback from public online meetings, in-person public forums and Request for Comment periods for previous drafts. Comments were considered and adjudicated in an open and transparent consensus-based development process.

“The collaboration and input by the tremendous team of experts that have contributed to the Working Groups is a testament to the need to work together,” said Brian Engle, Advisory Partner for the ISAO SO. “The issues of cybersecurity and the threats to our nation and the global economy require the sharing of information in ways that ISAO’s will be well suited to accomplish. As the leader of a sharing organization that formed almost two years ago, I can say that the considerations provided by these initial guidelines will be extremely helpful in supporting the success of forming ISAO’s, and the continued work of the ISAO SO will be pivotal in the development of the cybersecurity information sharing ecosystem.”

The ISAO SO will host its next online public meeting on October 20th at 1pm CT. This meeting will address upcoming publications, a national information sharing conference for 2017, and feature a question and answer session with ISAO SO leadership.