What is the
IT-ISAC?
Founded in 2000, the mission of the Information Technology-Information Sharing and Analysis Center (IT-ISAC) is to grow a diverse community of companies that leverage information technology and have in common a commitment to cybersecurity.
We serve as a force-multiplier that enables collaboration and sharing of relevant, actionable cyber threat information, effective security policies, and practices for the benefit of all.
What We Do
The IT-ISAC is the definitive source for security information impacting the IT Sector. We have established a one-of-its kind forum which assembles some of the brightest minds from the world's leading IT companies to minimize threats, manage risk, and respond to cyber incidents impacting the IT Sector. Members gain and share knowledge, practices and insights through trusted, confidential collaboration.
We enhance our members' ability to manage risks. We have built a network of relationships with members and trusted partners from across the critical infrastructure community. Through this multi-directional information sharing, we improve the security of individual corporate networks and the critical infrastructure community collectively.
Our Network
Our Team
The IT-ISAC team is made up of our Operations Team, which provides our analysis and reporting, as well as our Membership Team, which provides member support. Our team works around the clock to provide up-to-date, independent, and vendor neutral analysis and promote sharing and collaboration among our members.
Frequently Asked Questions
What is an ISAC?
Information Sharing and Analysis Centers (ISACs) are member driven organizations that facilitate the sharing of threat intelligence and effective security practices among member companies within specific critical infrastructure sectors. They are important platforms for collaboration among member organizations in the pursuit of a more secure and resilient sector.
When and why was the IT-ISAC established?
The IT-ISAC was established in 2000–and achieved operational capability in 2001–to help the information technology sector voluntarily address cybersecurity threats and vulnerabilities in a trusted, industry-only forum. The ISAC promotes threat intelligence sharing and provides actionable alerts to help strengthen member organizations' knowledge and resilience.
What is the benefit of information sharing?
Active engagement in an ISAC is a vital tool in the fight against cyber threats. It provides a cost-effective force multiplier to organizations looking to boost their cybersecurity posture. The concept is simple–companies are stronger together than they are separately. The more organizations share what they see, hear, and experience with one another, the better armed the entire sector is to identify incidents, defend against attacks and mitigate damages.
The attackers share with each other. The defenders share with us.
Can individuals join the IT-ISAC?
Unfortunately, individual membership is not supported at this time. The IT-ISAC membership is open to private sector organizations. Member companies can assign individuals within their organization to represent them.
What organizations can join the IT-ISAC?
The IT-ISAC’s governing documents limit membership to private sector organizations. Individuals and government and public agencies are not eligible for membership within the ISAC. However, we are committed to the principles of public-private partnership and engage with government agencies in other ways, such as webinars, speaking engagements, and newsletters.
While the majority of our members are based in the United States, we do accept member companies headquartered outside the United States. Please note, however, that to ensure trust within the organization and to comply with U.S. regulations, every application undergoes a thorough review. The IT-ISAC reserves the right to reject applications, and we are not able to accept applications from companies based in a variety of countries.
What benefits do IT-ISAC members receive?
IT-ISAC is more than another threat feed. We are a growing community of companies dedicated to actively collaborating to address cybersecurity challenges. Subject-matter experts from the world’s leading technology companies regularly discuss common security challenges, threats, and effective practices. Benefits include:
-
Access to 250+ Adversary Attack Playbooks mapped to the MITRE ATT&CK® Framework on threat actors, enabling members to share and learn tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs).
-
A Ransomware Tracker that contains 10,000+ reports of ransomware incidents, including those specific to the IT and food and ag industry.
-
Threat Intelligence Platform access to industry-leading threat analysis and automated indicator sharing.
-
Daily Threat Reports, weekly newsletters, and incident-specific reporting as needed, offering timely analysis to assist with informed risk management.
-
Special Interest Groups (SIGs) facilitating discussion among members on security topics and industry segments.
And much more. A more complete set of member benefits is available in our membership brochure.
Is there a fee associated with joining the IT-ISAC?
Yes. We have three membership tiers (Bronze, Silver, and Gold), starting at $3,000 in annual dues that are on a rolling basis. You can read more about the differences in tiers and benefits in our membership brochure.
What organizations can join the IT-ISAC?
The IT-ISAC’s governing documents limit membership to private sector organizations. Individuals and government and public agencies are not eligible for membership within the ISAC. However, we are committed to the principles of public-private partnership and engage with government agencies in other ways, such as webinars, speaking engagements, and newsletters.While the majority of our members are based in the United States, we do accept member companies headquartered outside the United States. Please note, however, that to ensure trust within the organization and to comply with U.S. regulations, every application undergoes a thorough review. The IT-ISAC reserves the right to reject applications, and we are not able to accept applications from companies based in a variety of countries.
Does the IT-ISAC have a free demo or trial membership offer?
We are not able to offer a trial membership, but we are happy to schedule guided demos with our experts to walk you through our benefits and answer any questions. If you’re interested in scheduling a demo, please reach out directly to membership@it-isac.org.
How do I join the IT-ISAC?
To join us as a member organization, we require a completed and signed membership application. All applications go through a thorough review process for approval. You can receive an application by reaching out to us at membership@it-isac.org or using our contact form.
What is the relationship between IT-ISAC and government agencies such as CISA and DHS?
The IT-ISAC has long valued its strong working relationships with government partners and remains committed to collaborating on initiatives and policy issues that affect the sector. However, IT-ISAC does not share any member information with the government without the explicit consent of the member involved.
Does the IT-ISAC receive government funding or grants?
No. We are proud to be 100% funded by our members! For more information about IT-ISAC membership, please visit our Membership page.
Does the IT-ISAC engage in industry partnerships?
Yes! We’re a big believer in partnerships. The IT-ISAC helped establish the National Council of ISACs, to improve collaboration, coordination and sharing with other ISACs. We are a founding member of the IT Sector Coordinating Council and our Executive Director serves as a member of its Executive Committee. The IT-ISAC also partners with industry organizations to bring additional benefits to our members in the form of discounts, such as our partnership with CompTIA. Members enjoy a 15% discount on CompTIA membership, training, and certification.
We’ve also recently partnered with two cybersecurity initiatives: Take9 and Cyber Threat Alliance. Partnerships with these organizations help foster industry-wide information sharing as we work together to spread awareness of cyber incidents and key cybersecurity topics.
You can find a full list of our partnerships here.