So You Want To Set-up an ISAC

Lots of business people walking in City. Beautiful morning sun l
Abstract image of human with computer and floating graphics.

Setting up an Information Sharing and Analysis Center (ISAC) is essential for organizations aiming to create a comprehensive and strategic approach to information security. The goal of the ISAC is to provide a platform for collaboration, best practice sharing, and threat intelligence among its members. Here are some key steps to establish an effective ISAC:

 

Abstract image of human with computer and floating graphics.
  1. Define Purpose and Scope: Clearly define the mission, objectives, and the scope of the ISAC. Decide on the types of threats and sectors it will focus on.
  1. Engage Stakeholders: Engage key stakeholders, both internal and external, to ensure that the ISAC has the support and participation of all necessary parties. This could include representatives from various business units, IT, legal, and external partners.
  1. Establish Governance: Define the structure of the ISAC. Decide on the roles and responsibilities of the council members, chairperson, vice-chairperson, etc. Also, create a charter or bylaws that describe how the ISAC will operate.
  1. Develop Membership Criteria: Determine who can become a member, the process of membership application, rights, responsibilities, and any membership fees if applicable.
  1. Secure Funding: The operations of an ISAC require financial resources. Determine your budget, sources of funding, and ensure a sustainable financial model.
  1. Determine Communication Channels: Establish the modes of communication for the council. This might include secure email lists, web portals, encrypted messaging apps, and regular meetings.
  1. Select Information Sharing Protocols: Develop guidelines for how information will be shared within the council, including procedures for anonymous sharing and mechanisms to ensure the confidentiality of shared data.
  1. Subscribe to Threat Intelligence Tools: Invest in tools and platforms that can facilitate the aggregation, correlation, and dissemination of threat intelligence.
  1. Conduct Training and Awareness: Organize regular training sessions and awareness programs for members. Ensure that all members understand the latest threat landscape, as well as best practices in information security.
  1. Engage External Experts: Occasionally, bring in external experts or speakers to provide fresh perspectives or specialized knowledge on specific security topics.
  1. Hold Regular Meetings: Schedule regular meetings for the council. This could be monthly, quarterly, or as needed based on the threat landscape.
  1. Review and Update Plans and Programs: Regularly review and update the council’s objectives, governance, and other protocols to ensure they remain relevant and effective.
  1. Establish Relationships with Other ISACs: Networking with other ISACs can provide broader insights and a more comprehensive understanding of threats across sectors and regions.
  1. Ensure Compliance With Laws & Regulations: Ensure that the council’s activities comply with all relevant regulations and laws. This might include data protection regulations, industry-specific compliance requirements, etc.
  1. Assist Members with Incident Response Planning: Create a plan to respond to major security incidents. This plan should include procedures for communication, coordination, and collaboration among members during and after an incident.

Establishing and maintaining an ISAC requires commitment, collaboration, and continual adaptation to the evolving threat landscape. With the right foundation and ongoing engagement, an ISAC can significantly enhance an organization’s or sector’s resilience to cybersecurity threats.

author avatar
Jane Ginn CTIN President & Co-Founder
Jane Ginn ~ As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn: www.linkedin.com/comm/mynetwork/discovery-see-all?usecase=PEOPLE_FOLLOWS&followMember=janeginn
Translate »