Request for Comment: Closes August 17, 2018
The Information Sharing and Analysis Organization Standards Organization (ISAO SO) recently released a new document for public comment, ISAO 300-2: Automating Cyber Threat Intelligence Sharing. Members of the community have until midnight on August 17, 2018 to provide comments on this draft publication posted on the ISAO.org website on July 18, 2018. To provide comments, click here.
ISAO 300-2 provides a description and implementation guideline for automating key elements of the cyber threat intelligence life-cycle process of collection, identification, ingesting, processing, and correlation to establish derived actions. The document is targeted at organizations wanting to automate and use cyber threat intelligence processes for defending their enterprise. ISAO 300-2 is equally useful to ISAOs that are participating or considering participating in automated sharing efforts, as well as ISAO members.
This document comprises a technical discussion and guidelines to assist organizations implementing automated cyber threat intelligence information sharing and its utilization in mitigating cybersecurity risks. Intelligence efforts have been generally characterized as strategic, operational, or tactical. This guide is focused on the area of tactical intelligence utilization that can benefit an enterprise and is dependent on an information-sharing ecosystem that can support automated sharing of cyber threat intelligence.
The ISAO SO has published ten voluntary guideline documents since September 2016 on ISAO.org, with several other documents currently in development to be published later this year. These publications were developed with the support of industry experts across all sectors in response to Presidential Executive Order 13691 to provide guidelines for effective information sharing an analysis related to cybersecurity risks, incidents, and best practices.