An Information Sharing & Analysis Organization, according to the ISAO Standards Organization, is any group of individuals or organizations established for purposes of collecting, analyzing and disseminating cyber or relevant information in order to prevent, detect, mitigate, and recover from risks, events or incidents against the confidentiality, integrity, availability and reliability of information and systems.
According to the Critical Infrastructure Information ACT of 2002 and Executive Order 13691 – Promoting Private Sector Cyber Security Information Sharing the term “Information Sharing and Analysis Organization,” or ISAO, means any entity or collaboration created or employed by public- or private-sector organizations, for purposes of—
- gathering and analyzing critical cyber and related information in order to better understand security problems and inter-dependencies related to cyber systems, so as to ensure their availability, integrity, and reliability;
- communicating or disclosing critical cyber and related information to help prevent, detect, mitigate, or recover from the effects of an interference, compromise or incapacitation problem related to cyber systems; and
- voluntarily disseminating critical cyber and related information to its members; federal, state and local governments; or any other entities that may be of assistance in carrying out the purposes specified above.
The Community Cyber Security Maturity Model (CCSMM) was developed by the Center for Infrastructure Assurance & Security (CIAS) at the University of Texas at San Antonio (UTSA).
A team within the Center for Infrastructure Assurance & Security (CIAS) at the University of Texas at San Antonio (UTSA) leads the CIAS ISAO efforts to improve the overall security of state and community infrastructures. Enforcing the concepts of protecting essential cyber and physical assets while improving information gathering and sharing initiatives is the goal of the CIAS.
The establishment of Information Sharing and Analysis Organizations (ISAOs) allows communities of interest to share cyber threat information with each other on a voluntary basis. ISAOs may also, if they choose, participate in existing federal cybersecurity information sharing programs, providing access to near-real-time cyber threat indicators. The goal is to create deeper and broader networks of information sharing nationally that foster the development and adoption of automated mechanisms for the sharing of information to elevate the security of the nation.