Category Archives: ISAO

Truth, Trust and Cybersecurity Risk

Posted on April 6, 2020 by C. Warren Axelrod

It is a sad reflection on the times, but it is becoming increasingly difficult to distinguish among true and false “facts,” accurate and misleading interpretations, and personal and politically-expedient beliefs. In my November 11, 2019 Blo… Continue reading Truth, Trust and Cybersecurity Risk→

Posted in CISO Suite, coronavirus, cybersecurity risk, General, Governance, Risk & Compliance, ISAC, ISAO, risk analysis, Security Bloggers Network, Security Metrics, Spotlight

Religious groups find their calling in threat sharing

Posted on September 11, 2018 by Sean Lyngaas

When it comes to protecting faith-based organizations from hackers, divine intervention will only get you so far. Congregations, like any other collection of people, can benefit from trading threat intelligence to mitigate the spread of malware. With that in mind, religious groups recently became the latest sector to create a threat-sharing hub by setting up the Faith-Based Information Sharing and Analysis Organization (FB-ISAO). Citing growing threats to donor data and religious websites, the FB-ISAO’s backers said it will fill a void by working with technology vendors to offer faith-based groups threat analysis and make them more resilient to attacks. The organization, founded in June but publicized on Monday, is open to American citizens of all faiths. Among the FB-ISAO’s services, promoted on its website, is a “simple, sensor-informed system and an intuitive user interface that integrates threat intelligence directly with your network. You won’t have to purchase high-cost equipment or software.” Many faith-based groups collect information […]

The post Religious groups find their calling in threat sharing appeared first on Cyberscoop.

Continue reading Religious groups find their calling in threat sharing→

Posted in faith-based groups, Information Sharing, ISAO, religious groups, Technology, threat intelligence

New certification planned for industry information sharing orgs

Posted on November 1, 2017 by Shaun Waterman

The voluntary cyberthreat information-sharing groups (ISAOs) would have to meet certain baseline standards and would be able to seek third-party certification of their capabilities under a proposal unveiled Wednesday. Third-party verification is essential for scalability of trusted information-sharing, explained Gregory White, executive director of the Information Sharing and Analysis Organization Standards Organization, or ISAO-SO. “When we have thousands of ISAOs out there, how the heck do I know who I can trust?” asked White, a University of Texas San Antonio computer science professor. He compared certification to the security clearance individuals need to access classified information. “Because you have that clearance, I know certain things about you have been verified by a trusted third party … I know I can trust you with certain kinds of information,” he said, adding it was a scalable alternative to developing face-to-face or individual trust relationships. But he acknowledged the move would prove controversial among ISAOs, […]

The post New certification planned for industry information sharing orgs appeared first on Cyberscoop.

Continue reading New certification planned for industry information sharing orgs→

Posted in certification, Government, Information Sharing, ISACs, ISAO, Technology