Frequently Asked Questions
When was IT-ISAC Established?
IT-ISAC was established by leading Information Technology Companies in 2000 and achieved operational capability in 2001.
Who owns IT-ISAC?
IT-ISAC is a 501C6 Members Organization, governed by a board of members comprised of leading technology companies of all sizes from across the globe.
What relationships does IT-ISAC have with organizations outside the U.S.?
IT-ISAC members operate globally, as the cyber threat is global. Therefore, IT-ISAC is actively pursuing opportunities to increase its participation in international cybersecurity forums and to formalize partnerships with private-sector organizations outside of the U.S. IT-ISAC is a member of FIRST, and provides FIRST members a daily open source cyber-threat report. IT-ISAC also has partnerships with the ICT ISAC Japan and the Taiwan Computer Emergency Response Team / Coordination Center and is committed to increasing its international engagement. In addition, IT-ISAC provides thought leadership at conferences throughout the world.
How can IT-ISAC provide value to my company?
IT-ISAC is more than another threat feed. We are a growing community of companies dedicated to actively collaborating to address cybersecurity challenges. Subject-matter experts from the world’s leading technology companies regularly discuss common security challenges, threats, and effective practices. A more complete set of member benefits is available at:
www.it-isac.org/benefits
Does IT-ISAC partake in automated information sharing?
Yes. We receive automated feeds from DHS and leverage the Community Edition of the Splunk Intelligence Management platform for automated sharing with members. The platform uses the STIX/TAXII protocols and also enables automated connections through APIs. The platform is designed to work with any STIX/TAXII enabled product. Further, every indicator IT-ISAC receives is submitted into this platform so that members can pull them through an automated connection.
Does IT-ISAC receive government funding?
No. We are 100% funded by our members. For more information about our members, please visit:
Will joining IT-ISAC stop my company from being attacked?
While IT-ISAC membership does not make a company immune from an attack, membership in IT-ISAC is one important component of having a robust cyberrisk strategy. IT-ISAC membership provides access to indicators from across the globe and access to some of the leading subject-matter experts in the world’s leading technology companies.
Can companies outside the U.S. become members or
is membership limited to only U.S. based companies?
Yes, although when IT-ISAC was first formed it limited its membership to U.S. companies. Today, IT-ISAC has members from across the globe. The cyber threat is global, and so is our membership.
I hear ISACs don’t share much information, is this true?
This is not true for IT-ISAC. In fact, thousands of indicators are shared each week through our threat intelligence platform. However, the IT-ISAC is about more than indicator sharing. It is about collaboration among the members. Participation in trusted forums for sharing and receiving cyber-threat information with peer companies is increasingly recognized as a sound security practice and is a practice encouraged by many policymakers and regulators. Policymakers and regulators across the globe have taken an interest in cyber-threat information-sharing and are actively encouraging companies to participate in such forums.
What’s the difference between an ISAC and an ISAO?
While the development of ISAOs is a new initiative, ISACs have been embedded in U.S. policy since the 1990s. ISACs were formed with a specific focus to enable sharing, collaboration, and incident responses within specific critical infrastructure sectors. Most ISACs, including IT-ISAC, have been designated by their sectors through the National Infrastructure Protection Plan as the sector’s
organization for operational information sharing and analysis. IT-ISAC has served this role for the IT sector since its founding in 2000. ISACs also have developed information-sharing relationships across the ISAC community through the National Council of ISACs.
How can I join?
All members are required to complete an application and sign the IT-ISAC Member Agreement. Companies interested in joining should contact membership@it-isac.org to obtain these documents and for more information.
What is the relationship between IT-ISAC and DHS?
As a result of our role as the organizational lead for the IT sector on operational information sharing and analysis, IT-ISAC has always valued a strong working relationship with DHS. We participate in several DHS information sharing initiatives and consult with DHS on ways to enhance cyber-threat information sharing. However, DHS is not an IT-ISAC member and we do not share member information with DHS unless that member has given us permission to share specific
information.