The document ISAO 100-2: Guidelines for Establishing an Information Sharing and Analysis Organization provides a set of guidelines for establishing an ISAO. First, a set of key strategic planning factors is provided to help emerging ISAOs consider the most critical questions early in the process. These strategic planning factors will then guide and inform consideration of a series of key operational factors. Finally, a section on building a trusted community offers a set of key considerations for establishing trust. Trust is critical to establishing a successful ISAO with active participation and cybersecurity information sharing among members.
As a set of guidelines and key considerations, this document is not prescriptive in nature. Instead, the document guides the reader through the most critical items to consider. Establishing an ISAO that meets the needs of a growing membership is an iterative process, and these guidelines are intended to help organizers establish an ISAO and evolve it to keep in step with its members’ changing needs.