In Faith-Based Information Sharing and Analysis Organizations We Trust?
President Obama issued Executive Order (E.O.) C.F.R. 13691 to promote private sector cybersecurity information sharing. See Executive Order No. 13691. Over 1 million faith-based and nonprofit organizations exist in the United States alone. See NonprofitDirectory.
In 2018, faith-based Information Sharing and Analysis Organizations (ISAOs) emerged to help these organizations improve their cyber security posture. Websites such as faithbased-isao.org exist to help their members analyze and share data about threats and risks. They offer best practices and training. They can also serve as a focal point for legislative initiatives.
Many faith-based (FB) organizations remain hesitant about participating in ISAOs. Reasons include:
- Deference. Many FB organizations form media and technology teams, often staffed by volunteers. These teams are responsible for getting the facts on the types of threats and challenges facing their organizations. They're also responsible for identifying remedies. Unfortunately, in the face of a variety of limitations, these teams defer making substantial decisions. The teams are rarely empowered as decision-makers for governance and risk activities. They suffer from inadequate time and resources, lack the authority to redirect spending, and feel implicit pushback from the organizational hierarchy.
- Scale and Pace. ISAOs are non-profit entities dependent upon many volunteer members, grants and donations. A service-in-kind mentality may create the perception that joining an ISAO is not time and resources well spent. This subjective view suggests an ISAO may not be able to adequately address everyone's issues and concerns.
- Demonstrable Value and Trust. Many FB organizations assume they can garner more value elsewhere without sharing details about their experiences with unknown persons. For example, audits and risk assessments can be more easily obtained.
Joining an FB-ISAO will not prevent attacks, but it strengthens the trusted relationship between you and your contributors, donors and members, and it can improve your cyber security posture.
Consider joining an FB-ISAO, but first take these steps:
- Appoint a permanent governance and risk committee.
- Populate the committee with skilled experts and paid consultants.
- Limit the size of the committee to be effective.
- Empower the committee to redirect program costs.
- Task the committee for the next 90 days to:
  - Review and update data management, privacy and security policies.
  - Conduct risk assessments on all mobile applications, databases, networks, servers and websites.
What Do You Think?
I am the author of this article and it expresses my own opinions. I have no vested interest in any of the products, firms or institutions mentioned in this post. Nor does the Analyst Syndicate. This is not a sponsored post.