When was IT-ISAC Established?
IT-ISAC was established by leading Information Technology Companies in 2000 and achieved operational capability in 2001.
Who owns IT-ISAC?
IT-ISAC is a 501C6 Members Organization, governed by a board of members comprised of leading technology companies of all sizes from across the globe.
How can IT-ISAC provide value to my company?
IT-ISAC is more than another threat feed. We are a growing community of companies dedicated to actively collaborating to address cybersecurity challenges. Subject-matter experts from the world’s leading technology companies regularly discuss common security challenges, threats, and effective practices. A more complete set of member benefits is available at:
Does IT-ISAC receive government funding?
No. We are 100% funded by our members. For more information about our members, please visit:
Can companies outside the U.S. become members or
is membership limited to only U.S. based companies?
Yes, although when IT-ISAC was first formed it limited its membership to U.S. companies. Today, IT-ISAC has members from across the globe. The cyber threat is global, and so is our membership.
I hear ISACs don’t share much information, is this true?
This is not true for IT-ISAC. In fact, thousands of indicators are shared each week through our threat intelligence platform. However, the IT-ISAC is about more than indicator sharing. It is about collaboration among the members. Participation in trusted forums for sharing and receiving cyber-threat information with peer companies is increasingly recognized as a sound security practice and is a practice encouraged by many policymakers and regulators. Policymakers and regulators across the globe have taken an interest in cyber-threat information-sharing and are actively encouraging companies to participate in such forums.
What relationships does IT-ISAC have with organizations outside the U.S.?
IT-ISAC members operate globally, as the cyber threat is global. Therefore, IT-ISAC is actively pursuing opportunities to increase its participation in international cybersecurity forums and to formalize partnerships with private-sector organizations outside of the U.S. IT-ISAC is a member of FIRST, and provides FIRST members a daily open source cyber-threat report. IT-ISAC is also in active discussions with the ICT ISAC Japan and is committed to increasing its international engagement. In addition, IT-ISAC
provides thought leadership at conferences throughout
Does IT-ISAC partake in automated information sharing?
Yes. We receive automated feeds from DHS and leverage TruSTAR Technology’s threat intelligence platform for automated sharing with members. The platform uses the STIX/TAXII protocols and also enables automated connections through APIs. The platform is designed to work with any STIX/TAXII enabled product. Further, every indicator IT-ISAC receives is submitted into this platform so that members can pull them through an automated connection.
Will joining IT-ISAC stop my company from being attacked?
While IT-ISAC membership does not make a company immune from an attack, membership in IT-ISAC is one important component of having a robust cyberrisk strategy. IT-ISAC membership provides access to indicators from across the globe and access to some of the leading subject-matter experts in the world’s leading technology companies.
What’s the difference between an ISAC and an ISAO?
While the development of ISAOs is a new initiative, ISACs have been embedded in U.S. policy since the 1990s. ISACs were formed with a specific focus to enable sharing, collaboration, and incident responses within specific critical infrastructure sectors. Most ISACs, including IT-ISAC, have been designated by their sectors through the National Infrastructure Protection Plan as the sector’s
organization for operational information sharing and analysis. IT-ISAC has served this role for the IT sector since its founding in 2000. ISACs also have developed information-sharing relationships across the ISAC community through the National Council of ISACs.
How can I join?
All members are required to complete an application and sign the IT-ISAC Member Agreement. Companies interested in joining should contact to obtain these documents and for more information.
What is the relationship between IT-ISAC and DHS?
As a result of our role as the organizational lead for the IT sector on operational information sharing and analysis, IT-ISAC has always valued a strong working relationship with DHS. We participate in several DHS information sharing initiatives and consult with DHS on ways to enhance cyber-threat information sharing. However, DHS is not an IT-ISAC member and we do not share member information with DHS unless that member has given us permission to share specific