ISAOs Make the World More Resilient

In our zest to get arms around the challenges of cybersecurity sometimes we miss the opportunities to reach our desired goals.  The result we seek should be to reduce risk, not to create an impenetrable digital fort.  Cybersecurity professionals know these safe houses do not exist. 

Information Sharing and Analysis Organizations (ISAOs) provide opportunities to build relationships with entities that will be the key to enhancing risk reduction through shared cyber intelligence.  "Costs" from sharing information or spending on the proper risk assessments will more than yield dividends when accounting for and approaching the "cybersecurity apparatus" as an asset itself. 

By focusing on risk reduction we are allowed the opportunity to plan for intentional and unintentional network failure and strategically design in the resilience.  Risk reduction takes into account what is vulnerable and risk-based analysis of how resources will be expended to gain security advantages.  It also allows us the opportunity to make every failure a success.  A chance to minimize loss of assets and to condition the potential revenue interruption with additional backup systems and potentially cyber insurance.  

We score when our eyes are finally opened and realize our strength is through enhanced cyber awareness, ample forewarning and the ability to learn from the experiences of others.  When the walls come  down we are awaken to the realization technology is the enabler and not the solution. 

By definition, we build information systems and networks for connectivity and efficiency.  Therefore, totally locking down our environment potentially limits the return on the investment we sought in making the information technology investment.  Openness and partnership will bring increasing value to human and technological resources.  Learned experiences and reinvention from each failure will help us build a better foundation.  

The need to secure systems is only going to grow with the emergence of IoT technology requirements, new regulations and expanding access to new functionality.  "Exercising" to determine what could happen in a network or to our systems will help account for the potential loss thus making us stronger.  The goal should be to never have the same cybersecurity issue twice.  We should grow from the data points we stack as a result of all network experiences. 

Your organization is in fact winning the cybersecurity battle if you are building-in security that is based on empirical data.  The next step however, is to extend that learning perimeter to corral information about organizations like yours.  I am talking about your community of interest which my consist of competitors, or those in your market space or region. 

ISAOs assist you to feed the system you are nurturing, to understand how healthy your network is and to take a community approach to resilience.  Thus, ISAOs lower the total cost of cybersecurity to the whole community.  www.certifiedisao.org