The Information Sharing and Analysis Organization Standards Organization (ISAO SO) announced today the release of a new document titled ISAO SO Special Publication 6001: Enabling Private-Public Partnerships (PPPs) for Information Sharing (SP6001). The document can be viewed here.
This document takes into consideration the challenges industry, government and other organizations face when working to mitigate cybersecurity threats. These challenges have driven many organizations to collaborate in partnerships to share their strengths and resources to improve the security and safety for the partners and the public.
“As a country, we have the potential to meet threats posed by the cyberattacks and exploits undertaken by state-sponsored and other actors,” said Doug DePeppe, ISAO SO government relations work group chair and founder of eosEdge Legal. “This document closes a gap by providing a business framework and guidance on critical first steps for establishing a group that would organize a community, both private and public, around collective defense.”
The increasing challenge to establish and sustain a sufficient cybersecurity posture with limited resources can be overwhelming to organizations. SP6001 serves as a construct to drive community-based and market-based approaches to strengthen cybersecurity.
“Neither government nor the private sector alone can marshal the necessary human resources, technologic know-how or time to satisfactorily address training, preparedness, response and resilience to dealing with cyber threats and attacks,” added DePeppe.
SP6001 does not prescribe a specific PPP construct among information sharing partners. However, the documents presents the case for cross-sector collaboration, proposes a PPP framework that addresses the interest, agreement and capabilities that can drive success of a partnership, and expands on the operating principles that drive PPP success, among other topics.
“ISAO SP6001 is the seminal document in providing a vision and mechanics for cyber capacity building from the ground up,” said DePeppe.
ISAO SO special publications are documents authored by the ISAO SO working groups using an open and transparent consensus-driven development process. These documents are designed to be shorter than the ISAO SO general publications while addressing specific topics to meet the needs of information sharing organizations.
“The goal of the ISAO SO is to identify a common set of voluntary documents for the creation and functioning of information sharing and analysis organizations,” said Dr. Gregory B. White, executive director of the ISAO SO. “This new document is designed to start a conversation on this changing environment and how private and public partnerships can engage to create a more secure nation.”
The ISAO SO has published 13 voluntary guideline documents since September 2016 on ISAO.org. These publications were developed with the support of over 160 industry experts in response to Presidential Executive Order 13691 to provide guidelines for effective information sharing and analysis related to cybersecurity risks, incidents and best practices.
Provide Feedback
If you have any comments or suggestions relating to this document, you may submit them using our published product comment form.