What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

Information Sharing and Analysis Organizations were created to make cyber threat data and best practices more accessible than with Information Sharing and Analysis Centers, but results are mixed.

ISAC and ISAO definition

An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups.

ISACs were established under a presidential directive in 1998 to enable critical infrastructure owners and operators to share cyber threat information and best practices. Besides being sector specific, most ISACs are comprised of large companies with a different set of priorities and challenges than a vast majority of smaller organizations and entities, according to Michael Echols, CEO of the International Association of Certified ISAO's (IACI) at the Kennedy Space Center.

Many ISACs are well resourced, come with membership fees and have infrastructure and full-fledged security operations centers for monitoring threats on a global scale. The National Council of ISACs currently lists 21 member ISACs including those for the financial, automotive, energy, aviation, communication and defense industrial base sectors.

Information Sharing and Analysis Organizations (ISAOs) are the result of a White House directive to promote voluntary cyber threat information sharing within industry sectors. In February 2015, President Obama signed an executive order directing the U.S. Department of Homeland Security (DHS) to encourage development of ISAOs for private companies, non-profits, government departments, and state, regional and local agencies.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!