RS.CO-03.334

Does your organization voluntarily share information about observed threat actor tactics, techniques, and procedures (TTPs) with an Information Sharing and Analysis Center (ISAC) or similar industry group after removing sensitive data?

Explanation

Sharing sanitized threat intelligence about attacker TTPs helps strengthen the collective security posture of your industry by allowing other organizations to prepare defenses against similar attacks. This collaborative approach enables faster identification of emerging threats and more effective response strategies across the sector. Evidence of fulfillment could include documentation of ISAC membership, logs or records of information shared (with sensitive data removed), internal policies governing threat intelligence sharing, or correspondence with ISAC representatives confirming your organization's participation in information sharing activities.

Implementation Example

Voluntarily share information about an attacker's observed TTPs, with all sensitive data removed, with an Information Sharing and Analysis Center (ISAC)

ID: RS.CO-03.334

Context

Function
RS: RESPOND
Category
RS.CO: Incident Response Reporting and Communication
Sub-Category
Information is shared with designated internal and external stakeholders

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron