An Information Sharing and Analysis Organization is a public or private entity that is formed for the purpose to gather, analyze, communicate and voluntarily disseminate to its members cyber related information to better understand cybersecurity threats and problems, and increase the member’s ability to prevent, mitigate or recover from the effects of an attack.
SAN ANTONIO, TEXAS (Aug. 22, 2019) – Bonnie Moss, executive director of the SMB ISAO, has been recognized as an Information Sharing Hall of Fame Award winner for being identified as a notable leader and visionary …. Read More
TYSONS CORNER, VIRGINIA (Sept. 12, 2018) – The SMB ISAO has been recognized as an Information Sharing Hall of Fame Award organizational winner for their commitment to advancing information sharing among organizations and their overall impact on the information sharing ecosystem…. Read More
Just as its name implies, the SMB iSAO provides members with reports and critical alerts that are identified from within the SMB iSAO community or fed from U.S. Government sources. This provides our members with some of the most up-to-date threat information that they can use to protect themselves, that otherwise would be unaffordable. As participants, SMB iSAO members are sharing threat indicators for analysts to research, scrub, and anonymize—which yields actionable intelligence for dissemination in real-time.
In turn, the SMB iSAO provides an anonymous, encrypted, U.S DHS approved channel to report cyber threat information such as a hack or social engineering. This allows the small business owner a validated means of reporting a cybersecurity event ensuring that, by sharing, they are helping other small businesses stay protected, but more importantly, invoking critical protections under the CISA*.
Organizations engaged in information sharing, related to cybersecurity risks and incidents, play an invaluable role in elevating the collective cybersecurity of businesses across America—even the U.S. as a whole. That is why ISAOs were authorized in the CISA legislation: to address the critical trust gap between industry and the government. Additionally, critical protections were mandated by law to protect those companies that share their hacking information in order to invoke trust and sharing to include anonymity when reporting. When ISAO members share breach information through the appropriate channels, SMB iSAO members are afforded under the CISA* to include protection from:
These protections ensure that small businesses are protected and shielded when they act as an ISAO member to improve their security through information sharing. But these protections are not invoked unless the hack information is shared.
Membership in the SMB iSAO shows customers and partners that the member is actively involved in addressing the cybersecurity threat against small businesses and that the member participates in a professional, sanctioned ISAO. Membership provides certification, a membership seal, and monthly reports.
Membership in the SMB iSAO provides the business owner monthly reports that provide insight into the latest threats against small businesses and recommendations for mitigation and resolution. When there are significant cybersecurity threats, critical alerts are sent out to all members alerting them to the threat.
By participating in the SMB iSAO, businesses receive critical legal protections such as shielding from tort litigation and state and local disclosure laws, that are not available through insurance companies or other organizations. These protections are designed to increase the trust factor between industry and government and protect the SMB owner.
For the small price of a membership, belonging to the SMB iSAO brings critical advantages to the small business owner that cannot be overlooked in terms of their importance to business survival.
By participating in the SMB iSAO information sharing community, businesses are afforded protection under the CISA* against tort litigation, state and local disclosure laws and government enforcement actions. These protections, available through CISA compliant breach reporting, are not available through insurance companies or other organizations. These protections are designed to increase the trust factor between industry and government and protect the SMB owner.
*The CISA is subject to change and interpretation.