What is an ISAO?
An Information Sharing & Analysis Organization, according to the ISAO Standards Organization, is any group of individuals or organizations established for purposes of collecting, analyzing and disseminating cyber or relevant information in order to prevent, detect, mitigate, and recover from risks, events or incidents against the confidentiality, integrity, availability and reliability of information and systems.
According to the Critical Infrastructure Information ACT of 2002 and Executive Order 13691 – Promoting Private Sector Cyber Security Information Sharing the term “Information Sharing and Analysis Organization,” or ISAO, means any entity or collaboration created or employed by public- or private-sector organizations, for purposes of—
- gathering and analyzing critical cyber and related information in order to better understand security problems and inter-dependencies related to cyber systems, so as to ensure their availability, integrity, and reliability;
- communicating or disclosing critical cyber and related information to help prevent, detect, mitigate, or recover from the effects of an interference, compromise or incapacitation problem related to cyber systems; and
- voluntarily disseminating critical cyber and related information to its members; federal, state and local governments; or any other entities that may be of assistance in carrying out the purposes specified above.