What is an Information Sharing and Analysis Organization (ISAO)?
An Information Sharing and Analysis Organization is a public or private entity that is formed for the purpose to gather, analyze, communicate and voluntarily disseminate to its members cyber related information to better understand cybersecurity threats and problems, and increase the member’s ability to prevent, mitigate or recover from the effects of an attack.
SMB ISAO Receives Information Sharing Hall of Fame Award
TYSONS CORNER, VIRGINIA (Sept. 12, 2018) – The SMB ISAO has been recognized as an Information Sharing Hall of Fame Award organizational winner for their commitment to advancing information… Read More
Information Sharing for the Small Business CommunityJust as its name implies, the SMB iSAO provides members with reports and critical alerts that are identified from within the SMB iSAO community or fed from U.S. Government sources. This provides our members with some of the most up-to-date threat information that they can use to protect themselves, that otherwise would be unaffordable. As participants, SMB iSAO members are sharing threat indicators for analysts to research, scrub, and anonymize—which yields actionable intelligence for dissemination in real-time. In turn, the SMB iSAO provides an anonymous, encrypted, U.S DHS approved channel to report cyber threat information such as a hack or social engineering. This allows the small business owner a validated means of reporting a cybersecurity event ensuring that, by sharing, they are helping other small businesses stay protected, but more importantly, invoking critical protections under the CISA*.
Why is Information Sharing so Critical?Organizations engaged in information sharing, related to cybersecurity risks and incidents, play an invaluable role in elevating the collective cybersecurity of businesses across America—even the U.S. as a whole. That is why ISAOs were authorized in the CISA legislation: to address the critical trust gap between industry and the government. Additionally, critical protections were mandated by law to protect those companies that share their hacking information in order to invoke trust and sharing to include anonymity when reporting. When ISAO members share breach information through the appropriate channels, SMB iSAO members are afforded under the CISA* to include protection from:
- Tort litigation
- State and local disclosure laws, including FOIA requests
- Government enforcement actions as a result of breach disclosure
- Disclosure of Intellectual Property and Trade Secret Information
What are the Benefits for Small and Mid-Sized Business?For the small price of a membership, belonging to the SMB iSAO brings critical advantages to the small business owner that cannot be overlooked in terms of their importance to business survival.
- An SMB iSAO membership demonstrates that the business owner is actively involved in cybersecurity. To show the member’s involvement, we provide a membership certification and seal for your website, and a unique membership identifier code to associate the member’s shared information without disclosing the member or their organization.
- An SMB iSAO membership and sharing of threat related intelligence also offer special protections under the CISA* against litigation and enforcement action.