The primary function of Information Sharing and Analysis Centers, or ISACs, as stated in their charters, is to reduce risk in member organizations through improvements to prevention, detection, and response. To do this effectively, they must serve as a trusted broker in the sharing of specific information on relevant threats. This definition is important because of their relationship with two critical factors: the quality of shared information and the active participation of members of the core groups. As a trusted broker, the ISAC is the steward of both quality and quantity.
Prior to ISACs, if you weren't part of an "inner circle" of security professionals, you couldn't benefit from information being exchanged. ISACs allow relative newcomers to become instantly trusted, to a degree, so that they can get insight into the threats and security issues their peers are seeing.
With respect to quality, one of the goals of ISACs is to create a community where everyone can learn from each other through the sharing of meaningful data. When one organization is hit with malware or targeted by an adversary, everyone else will know when someone else in the group has seen this threat. Because anonymity is provided by the trusted broker, specific information can be provided to allow others to look in their own networks to see if they have also been targeted.
Trusted Broker: Achieving Critical MassThe role of trusted broker enables information-sharing groups to achieve critical mass, thus providing quantity. Previously, sharing was only done between individuals who knew each other and had an established relationship. But this model is naturally limited in scope. When ..
Support the originator by clicking the read the rest link below.
