The Information Sharing and Analysis Organization Standards Organization (ISAO SO) hosted an in-person meeting with working group leadership on the campus of UTSA in San Antonio, TX, and via webinar, on Thursday, July 20th. This meeting was the first of two in-person events the group planned for this year, and was meant to reinforce guidance provided by the ISAO SO to the working groups. The ISAO SO working groups are each tasked to develop specific standards and guidelines for the creation and functioning of ISAOs.
Working Group leaders shared details of the current documents in development, timelines, and topics for future documents based on the needs of the information sharing community. The ISAO SO will release three Special Publications (SPs) this summer. These SPs are documents authored by the working groups, designed to be shorter than the General Publications, while still addressing specific topics to meet the needs of information sharing organizations.
The following SPs will be published this summer, including:
- ISAO SP 1000: Forming a Tax-Exempt Entity (published July 26, 2017)
- ISAO SP 4000: Guiding Practices to Advance Consumer Privacy in Cybersecurity Information Sharing (Target Publication: August 2017)
- ISAO SP 8000: Frequently Asked Questions for ISAO General Counsels (Target Publications: August 2017)
The meeting itself kicked off with a few brief administrative notes from ISAO SO Director of Lifecycle Management, Allen Shreffler, and then shifted to a detailed discussion on the recently released agenda for the International Information Sharing Conference being held October 31 – November 1 at the Walter E. Washington Convention Center in Washington D.C. Fine points were shared on invited senior government speakers, panelists, and the highly anticipated technology demonstrations scheduled to take place each day of the conference.
Dr. Greg White, Executive Director of the ISAO SO, then set the stage for the rest of the day by leading a rousing dialogue on ISACs and ISAOs, discussing the importance for small businesses and organizations to set aside their proclivity for waiting and start building trust within informal groups—getting started is key. He also voiced his delight with the body of knowledge being produced by the working group volunteers, while highlighting areas where work still needs to be done. Dr. White closed by encouraging the working group leaders, several of which are participating in the upcoming International Information Sharing Conference as moderators, to act as ambassadors by sharing the news of the conference with their networks.
Natalie Sjelin, Director of Support for the ISAO SO, provided an overview of ISAO Support Services, including Roundtable events for new and emerging ISAOs, and the evolving Marketplace for vendors providing services specifically to ISAOs. She also provided a demonstration of the Resource Library and encouraged working group leaders to submit new resources they come across while completing research for upcoming documents. Support discussions closed with a call to move forward on providing checklists and templates to assist new ISAOs in advancing, and future plans for exercise and training opportunities.
The afternoon rounded out with a robust conversation about document development procedures, needs assessment for future documents, planning and analysis of future documents, outlines, request for comment periods for the public, the editorial process, new publications prioritization, and retention and recruitment for the working groups.
“Input from the working groups has been a critical aspect of the success of the ISAO SO,” explained Allen Shreffler, Director of Lifecycle Management. “This meeting provided an opportunity for working group leaders to connect directly with each other and discuss the state of the ecosystem and what their role is in shaping the publications designed to assist with the creation and function of ISAOs. The dialogue we continue to have with working group leaders represents a roadmap for the growth of the information sharing community as a whole.”
Finally, the ISAO SO is always seeking new members to work on the development of documents and products related to promoting cybersecurity information sharing. For more information on how to get involved in one of the ISAO SO working groups, including ISAO Creation, ISAO Capabilities, Information Sharing, Privacy and Security, Government Relations, or Analysis, please visit the Join a Working Group page to complete the application.