The primary purpose of an information sharing and analysis organization (ISAO) is to establish a mechanism that enables public and/or private entities to collaborate to prevent, protect against, mitigate, respond to and recover from cyber threats or attacks. Cyber events have the potential to devastate organizations in seconds, which makes information sharing paramount to timely response. (Sjelin & White, 2017)
Building an ISAO requires thorough planning and coordination with stakeholders and members. While creating an ISAO is a complex process, the various components and processes can be synthesized into the following six steps:
- Step 1 - Define the organization
- Step 2 - Building trust, security, and privacy
- Step 3 - Establishing core offerings
- Step 4 - Implementing services and capabilities
- Step 5 - Establish partnerships
- Step 6 - Continuous improvement
The CIAS-ISAO has developed a roadmap to help you establish an ISAO for your organization or community.
The Guidebook for Establishing an ISAO will aid you in defining the organization, which includes establishing a membership structure, selecting the organizational structure, governance and legal obligations, and considering your business model.
The second step identifies what is needed to build trust relationships between members, between members and the ISAO, and between the ISAO and its partners or customers. This trust can be developed with the help of a security policy and established procedures.
The third step, establishing core offerings, is built around the Information Sharing and Analysis Framework (ISAF). The Framework provides all ISAOs a structure for building and organizing the core offerings through six phases: planning, collection, analysis, dissemination, application and disposition. This step highlights the essential items that should be included when ISAOs are building their core offerings.
Step four highlights the additional services and capabilities one should consider in order to enhance the value proposition of joining your ISAO. It considers foundational, additional and unique services and capabilities offered by ISAOs.
Establishing partnerships is the core focus of step five. Partnerships assist ISAOs in strengthening the offerings they provide members. ISAOs should rely on a systematic approach for partnerships, because unstructured approaches are destined to fail. A successful approach to partnerships should leverage strategy, planning and operational phases.
The final step focuses on continuous improvement: measuring progress and striving to remain competitive and/or compelling in the information sharing and analysis space. ISAOs should periodically assess services, capabilities, business plan, mission and vision through SWOT, risk analysis, quantitative pros and cons, cost/benefit analysis, force field analysis, and/or cash flow forecasts.

