SHOULD MY BUSINESS SHARE CYBER INCIDENT
DATA with an ISAC or ISAO?
As a business owner, you should prepare for when a cyber incident will occur. Your business is not immune
from an event, and successful resilient businesses have a plan in place to respond effectively. One tool to
respond is to share what happened with an ISAC/ISAO.
ISACs AND ISAOs
Information Sharing and Analysis Centers (ISACs) are a type of Information Sharing and Analysis Organization
(ISAO) - which are communities of interest whose members voluntarily share cybersecurity information with
each other. A good analogy for an ISAO is the neighborhood watch model. In a neighborhood watch, communities
build trust, and share information and best practices with each other to increase their individual and collective
security. All neighborhood watches share a foundational idea that bringing communities together promotes an
increased quality of life and reduces crime.
An ISAO serves the same purpose, connecting your business to a larger community, which may be in the same
industry, or region that proactively share information on cyber threats and incidents, as well as best practices.
Through coming together, ISAOs help build trust relationships among their membership; enhance understanding
of cyber threats and ways to address vulnerabilities in your organization that could be affected; and help you
understand how to respond to a cyber incident at your organization. The overall affect shares a foundational idea
as a neighborhood watch – that through these community efforts the quality of each ISAO member’s condition
improves, and cybercrimes can be prevented. The National Cybersecurity Society is an ISAO for small business
and is connected to other ISAOs in industries and regions across the United States. To learn more about the
benefits of an ISAO, see: https://www.isao.org/about/.
Did you know….
✓ Becoming a member of the NCSS automatically enrolls your business in an ISAO and affords your
organization protection from liability and litigation matters as long as the incident was reported via the
NCSS portal.
✓ NCSS reports the incident anonymously to the Department of Homeland Security to enhance
prevention and protection activities.
✓ Yes, you should share with NCSS!
Download a PDF of this fact sheet.
Still have questions, need help?
Contact us at our “Ask-an-Expert” service, web@thencss.org or visit us at the link below.
©2018 National Cybersecurity Society, All Rights Reserved
www.nationalcybersecuritysociety.org
JOIN THE NCSS
Become a member of The National Cybersecurity Society today and learn more about how to
protect your business from a cyber attack.
About The National Cybersecurity Society
The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity
education, awareness and advocacy to small businesses. The NCSS provides cybersecurity
education tailored to the needs of the small business owner; helps small businesses assess their
cybersecurity risk; distributes threat information to business owners so that they will be more
knowledgeable about the threats facing their business; and provides advice on the type of services
needed to stay safe online.
-
FACT-ISAC_ISAO-FINAL.pd.pdf 705.2 K
Comments