FAQ

When was IT-ISAC Established?

IT-ISAC was established by leading Information Technology Companies in 2000 and achieved operational capability in 2001.

Who owns IT-ISAC?

IT-ISAC is a 501C6 Members Organization, governed by a board of members comprised of leading technology companies of all sizes from across the globe.

How can IT-ISAC provide value to my company?

IT-ISAC is more than another threat feed. We are a growing  community of companies dedicated to actively collaborating to address cybersecurity challenges. Subject-matter experts from the world’s leading technology companies regularly discuss common security challenges, threats, and effective practices. A more complete set of member benefits is available at:
www.it-isac.org/benefits

Does IT-ISAC receive government funding?

No. We are 100% funded by our members. For more information about our members, please visit: 

 www.it-isac.org/members

Can companies outside the U.S. become members or
is membership limited to only U.S. based companies?

Yes, although when IT-ISAC was first formed it limited its membership to U.S. companies. Today, IT-ISAC has members from across the globe. The cyber threat is global, and so is our membership.

I hear ISACs don’t share much information, is this true?

This is not true for IT-ISAC. In fact, thousands of indicators are shared each week through our threat intelligence platform. However, the IT-ISAC is about more than indicator sharing. It is about collaboration among the members. Participation in trusted forums for sharing and receiving cyber-threat information with peer companies is increasingly recognized as a sound security practice and is a practice encouraged by many policymakers and regulators. Policymakers and regulators across the globe have taken an interest in cyber-threat information-sharing and are actively encouraging companies to participate in such forums.

What relationships does IT-ISAC have with organizations outside the U.S.?

IT-ISAC members operate globally, as the cyber threat is global. Therefore, IT-ISAC is actively pursuing opportunities to increase its participation in international cybersecurity forums and to formalize partnerships with private-sector organizations outside of the U.S. IT-ISAC is a member of FIRST, and provides FIRST members a daily open source cyber-threat report. IT-ISAC is also in active discussions with the ICT ISAC Japan and is committed to increasing its international engagement. In addition, IT-ISAC
provides thought leadership at conferences throughout
the world.

Does IT-ISAC partake in automated information sharing?

Yes.  We receive automated feeds from DHS and leverage TruSTAR Technology’s threat intelligence platform for automated sharing with members. The platform uses the STIX/TAXII protocols and also enables automated connections through APIs. The platform is designed to work with any STIX/TAXII enabled product. Further, every indicator IT-ISAC receives is submitted into this platform so that members can pull them through an automated connection.

Will joining IT-ISAC stop my company from being attacked?

While IT-ISAC membership does not make a company immune from an attack, membership in IT-ISAC is one important component of having a robust cyberrisk strategy. IT-ISAC membership provides access to indicators from across the globe and access to some of the leading subject-matter experts in the world’s leading technology companies.

What’s the difference between an ISAC and an ISAO?

While the development of ISAOs is a new initiative, ISACs have been embedded in U.S. policy since the 1990s. ISACs were formed with a specific focus to enable sharing, collaboration, and incident responses within specific critical infrastructure sectors. Most ISACs, including IT-ISAC, have been designated by their sectors through the National Infrastructure Protection Plan as the sector’s
organization for operational information sharing and analysis. IT-ISAC has served this role for the IT sector since its founding in 2000. ISACs also have developed information-sharing relationships across the ISAC community through the National Council of ISACs.

How can I join?

All members are required to complete an application and sign the IT-ISAC Member Agreement. Companies interested in joining should contact our Executive Director, Scott Algeier, at salgeier@it-isac.org to obtain these documents and for more information.

What is the relationship between IT-ISAC and DHS?

As a result of our role as the organizational lead for the IT sector on operational information sharing and analysis, IT-ISAC has always valued a strong working relationship with DHS. We participate in several DHS information sharing initiatives and consult with DHS on ways to enhance cyber-threat information sharing. However, DHS is not an IT-ISAC member and we do not share member information with DHS unless that member has given us permission to share specific
information.

© 2020 by Informaton Technology-Information Sharing and Analysis Center.
  • YouTube