Response to March 2020 Member Survey

Dear Members, thank you for responding to our information sharing survey in March 2020. Your feedback was valuable in helping us understand what your information sharing needs are as a community. Based on your responses, we were able to gather many interesting ideas, some which will be shared here.

Background on FB-ISAO and Information Sharing Organizations

Typically, when information sharing organizations are formed (FB-ISAO was established in June 2018), the first phase involves one-way information sharing. This means the organization will act as a hub and disseminate to and share information with members. This method establishes the organization’s legitimacy and starts to build credibility and earn trust. Trust is the foundation of information sharing groups. The organization has to trust that its members will adhere to established information sharing protocols (e.g., https://www.us-cert.gov/tlp for use with disseminated information.) Likewise, members have to trust that the organization will maintain responsible handling of all information that it is entrusted with. Furthermore, an effective ISAO does not simply operate as a hub of information but facilitates trusted peer-to-peer relationships and collaboration between members. At the end of 2018, FB-ISAO made significant strides in establishing legitimacy, earning trust, and engaging the community of faith. We looked forward to continuing that momentum in 2019 – see this post.

FB-ISAO Today

As we continue our maturity trajectory, it is gratifying to see increased adoption of collaboration capabilities. Please refer to this post for information.

Slack Workspace for Collaboration.Collaboration via Slack is where our information sharing and collaboration mission is realized. Members work together to share ideas, best practices, mentor each other, and share information to reduce risk and build resilience.

Working Groups. We also formed our first working group, the Business Resilience Group (BRG). See this post on working groups. Since then, several other working groups have formed.

Incident Reporting. In December of 2019, we introduced an Incident Reporting capability. The Incident Report provides a method for members to report notable incidents and events and request further assistance if desired. FB-ISAO analysts analyze and synthesize the reports while adhering to the established trust protocols and share relevant information with the community as appropriate. An example of this kind of reporting was the security advisory issued on 15 April about “Clergy Impersonation/Imposter Scams.”

Information Sharing Communities. These private channels are for members with interests in specific geographic areas to easily collaborate and share information with one another.

Workshops. Your survey responses included the need for training – as soon as we are able, we will resume our preparedness workshops. Workshop objectives can be viewed here. Note: We are considering offering workshops in a virtual environment.

Purpose and Community Commitment

Brian Harrell, DHS Assistant Director of the Critical Infrastructure Security Agency (CISA) said; “In partnership with entities such as the DHS Center for Faith and Opportunity Initiatives and the Faith-Based Information Sharing and Analysis Organization, we provide resources that assist in securing physical and cyber infrastructure.” In partnership with agencies such as CISA, we share best practices with the goal of improving awareness and resilience. Please refer to this post for more information on FB-ISAO’s partnership with DHS. FB-ISAO is only as good as delivering on the information sharing needs of the community of faith – the only way for us to do that is to get our members to collaborate with us. The only way our members collaborate with us is for our members to be leading working groups, posting Incident Reports, participating in Local Information Sharing Groups. It is also important for members to help the ISAO define the type of reporting the community needs.

Survey Outcomes

Below are some of the comments we received when we asked you, our members, what topics you would like us to address.

To address the needs identified in the survey, we are starting two new initiatives.

Information Requirements Forum. It is our intent that this forum will meet six times a year (every two months) to discuss the types of products, reporting, and events the membership desires. Again, we ask for your participation. Not only that, we NEED your participation.

All Member Meeting. Twice a year, we will hold an “All Member Meeting” – virtually to start, and perhaps in person as we progress. Those member meetings will be instrumental in keeping the organization on track to serve its mission of providing members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience.

Sustainability

FB-ISAO operations are centered around meeting the information needs based on three membership levels, basic, standard and professional. Though our basic level is free – no collaboration capabilities are available at that level. Free is nice but doesn’t support the organization. Participation and collaboration occur at higher levels of membership.

Our highest level of membership is only $480 a year – that’s $40 a month, or $10 a week or,  $1.42 a day. A regular coffee from your local coffee shop is at least $2.00! Our members are primarily fulfilling the role of security support to their FBOs. Is the cost of $1.42 a day worth the benefit of belonging to an information sharing community that helps individuals and organizations be better prepared? Hint: Ask your FBO to sponsor your membership!

Alone we can do so little; together we can do so much.

Hellen Keller

Without member collaboration and involvement, FB-ISAO will continue to function, but that mode of operation will fizzle out over the years. It is only when the membership works TOGETHER that an ISAO will achieve the desired intent of collaborative information sharing – for that to happen the membership must STEP UP.