A jargon buster to #RSAC

Are you confused by all the buzzwords at RSA Conference? Do you know your ISAO from your ISAC?

We are here to help…

In February 2015 President Obama issued an Executive Order that companies, non-profits and government departments must be able to share information relating to cybersecurity risks.

This made for an acronym-heavy read, and we knew that the same acronyms would going to be used throughout RSA Conference, so we created a handy guide to make things just a little simpler…


The cybersecurity executive order

The executive order lays out a framework for expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats.


Also know as an Information Sharing and Analysis Organisation. Obama is encouraging the development of these ISAO’s to act as focal points for cybersecurity information sharing and collaboration within the private sector, and between the private sector and government. An ISAO could be a not-for-profit community, a membership organisation, or a single company facilitating sharing among its customers or partners.

ISAO standard organisation

The Executive Order also directs the DhS to fund the creation of a non-profit organisation to develop a common set of voluntary standards for ISAOs. In short, they will set a standard way-of-working to prevent silos and complicated systems each with their own way-of-working from forming.  As it happens, Surevine are part of the team helping to define these standards, so we know what is happening here if you have any questions!


An Information Sharing and Analysis Centre; these were created as a result of a Presidential directive requesting the public and private sector to create a partnership to share information about physical and cyber threats, vulnerabilities, and events to help protect the critical infrastructure of the United States. ISAC’s are already essential drivers of effective cybersecurity collaboration, and could constitute ISAOs under this new framework.


The National Cybersecurity and Communications Integration Centre is “a 24×7 cyber situational awareness, incident response, and management centre that is a national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement.” Under the Executive Order, NCCIC’s shall engage in continuous, collaborative, and inclusive coordination with ISAOs on the sharing of information related to cybersecurity risks and incidents.

This blog post supports the Fact Sheet issued by the Whitehouse to support the Executive Order.