Fandom

The IT Law Wiki

Information Sharing and Analysis Organization

32,196pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definition Edit

An Information Sharing and Analysis Organization (ISAO) is

[a]ny formal or informal entity or collaboration created or employed by public or private sector organizations for purposes of:

Overview Edit

"The ISAOs are intended to be: Inclusive (groups from any and all sectors, both non-profit and for-profit, expert or novice, should be able to participate in an ISAO); Actionable (groups will receive useful and practical cybersecurity risk, threat indicator, and incident information via automated, real-time mechanisms if they choose to participate in an ISAO); Transparent (groups interested in an ISAO model will have adequate understanding of how that model operates and if it meets their needs); and Trusted (participants in an ISAO can request that their information be treated as Protected Critical Infrastructure Information. Such information is shielded from any release otherwise required by the Freedom of Information Act or State Sunshine Laws and is exempt from regulatory use and civil litigation if the information satisfies the requirements of the Critical Infrastructure Information Act of 2002 (6 U.S.C. §§131 et seq.))."[2]

The ISAOs are intended "to accommodate organizations that do not fit within an established sector of the critical infrastructure or that have unique needs. ISAOs are intended to provide such organizations with the same benefits of obtaining cyber threat information and other supporting services that are provided by an ISAC."[3]

References Edit

  1. Protected Critical Infrastructure Information Program Procedures Manual, at App. 2-3; see also 6 U.S.C. §131(5).
  2. Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff, at .
  3. Best Practices for Victim Response and Reporting of Cyber Incidents, at 5-6.

Also on Fandom

Random Wiki