The purpose of this document is to provide an introduction to cybersecurity information sharing. The intent is to provide a foundation for those trying to understand the basics of information sharing as it relates to Information Sharing and Analysis Organizations (ISAOs). This document describes a conceptual framework for information sharing, information sharing concepts, the types of cybersecurity information an organization may want to share, ways an organization can facilitate information sharing, as well as privacy and security concerns to be considered.
Information sharing is intended to help those managing and operationally mitigating cybersecurity risks. The nature of cybersecurity has and will continue to evolve over time. Information sharing efforts should also evolve to keep pace with changes in the cybersecurity landscape. This document provides the reader with basic information on topics and capabilities involved in cybersecurity information sharing. Additionally, it offers elements of a cybersecurity information sharing program for those considering forming a new ISAO as well as for existing ISAOs that are reviewing how to further align with their member needs.
If you are having trouble viewing this document, we recommend either saving the document before opening it or switching to a different browser.
If you have any comments or suggestions relating to this document, you may submit them using our published product comment form.