
ISAC is a community-based approach to addressing cyber risks in industry verticals


I often teach organizations to educate users on doing their jobs securely by focusing on doing only the things they are authorized to do. Anything else that comes up – like “out of the blue” requests from outsiders – should be treated with caution. This lets employees work efficiently in areas they know well, and gives them guidance on when to double-check and take extra security precautions.

A similar approach has been used successfully by cooperative industry organizations called Information Sharing and Analysis Centers (ISACs). These types of organizations offer some degree of promise for setting up guidelines and standards to reduce risks for businesses within their industry area. Most recently, ISACs have been set up for the automotive industry and the legal services industry (LS-ISAC). Some have been around for much longer, like the Financial Services FS-ISAC, which has been in place for 15 years.

The idea behind an ISAC is to enable sharing of threat data between industry participants, for their mutual benefit. This approach is logical, since organizations within a given vertical industry tend to use similar types of data in similar ways. For example, law firms have a standard way of handling case information, and automobile manufacturers use standards for parts, as well as for sensor and computer data. By trying to understand what data attackers might go after, and trying to anticipate the nature of the threats, the ISACs can help their industry participants in preparing for, and maybe even preventing, successful attacks on their information systems.

I think we’ll see a lot more of these organizations being set up for virtually every industry in the future. You should consider them a good reference source for security planning information that can help strengthen the information flows within and between supply chains. Here’s a good article that describes this emerging trend in fighting cyber security risks within industries.
Scott Wright The Streetwise Security Coach Phone: 1-613-693-0997 Email: scott@streetwise-security-zone.com
