CompTIA recently launched the CompTIA Information Sharing and Analysis Organization (CompTIA ISAO), an initiative that aims to help tech vendors, MSPs, solution providers, vendors, business technology consultants, and much more learn about the latest cybersecurity threats and get actionable advice to help protect themselves and their customers.
The ISAO concept was established in 2015 by Presidential Executive Order 13691. As part of this order, the Department of Homeland Security selected a team led by the University of Texas at San Antonio to form the ISAO Standards Organization to facilitate the implementation of the Executive Order. ISAOs exist as a means to network multiple, often similar companies together to identify standards and guidelines, and share information and analysis related to cybersecurity risks, incidents, and best practices.
What does it all mean to CompTIA members? Plenty, according to MJ Shoer, executive director of the CompTIA ISAO. We asked Shoer to explain what the CompTIA ISAO is, how it works, and how it can benefit everyone involved in the business of technology.
Last year, the Technology Solution Provider ISAO (TSP-ISAO) was conceived by former ConnectWise co-founder Arnie Bellini and supported by ConnectWise. Operation of the TSP-ISAO was transferred to CompTIA earlier this year after determining that a member-led, vendor-neutral, non-profit trade association such as CompTIA was an ideal environment to manage and develop the initiative going forward.
Now under CompTIA’s management, the CompTIA ISAO will serve as the hub for all organizations in the business of technology (tech vendors, MSPs, solution providers, integrators, distributors and business technology consultants) to gain access to real-time, actionable threat intelligence, analysis of potential impacts, coordinated countermeasures, best-practice adoption, and workforce education. Below, Shoer provides some detailed answers to frequently asked questions about the CompTIA ISAO.
Watch Nancy Hammervik, executive vice president, industry relations at CompTIA, and Shoer announce the CompTIA ISAO at ChannelCon Online.
What benefits do a tech company (vendor, solution provider, MSP, distributor) get from joining the CompTIA ISAO?
The primary benefit of joining the CompTIA ISAO is raising the cybersecurity education level and posture of all companies engaged in the business of technology. The sharing of threat intelligence between the members helps them improve their defensive posture against the bad actors. For those companies involved in providing outsourced IT services to SMBs across the globe, it will provide them with qualified and actionable intelligence to keep themselves and their clients safe.
Will non-security-focused tech vendors and solution providers also benefit from the CompTIA ISAO?
Absolutely! Non-security-focused tech vendors face a unique challenge in our current climate. Specifically, the amount of cybersecurity information and intelligence available to them is simply overwhelming. By not having a dedicated focus on only cybersecurity, it is difficult at best for these firms to maintain anything other than a reactionary posture to cybersecurity threats. The CompTIA ISAO will equip these firms with digestible information that will help them become more proactive and valuable to their clients.
How does the CompTIA ISAO work?
Members join the CompTIA ISAO and participate in a number of collaborative ways. Those that are able to, share threat intelligence with the CompTIA ISAO that is analyzed and put into the CompTIA ISAOs threat intelligence feed. Members will also be able to collaborate in an interactive forum where they can discuss real-time and ongoing threats. Members are able to consume the threat intelligence feed to help architect their defenses. They also have access to CompTIA’s world class education, events, and research, which will include offerings designed exclusively for CompTIA ISAO members.
What do members need to do? What resources/investments do they need to have?
Members are asked to actively participate in the CompTIA ISAO Cyber Forum, educational offerings, events, and research to help improve the cybersecurity resilience of all member companies. The more engaged members we have, the more data we can analyze and help prepare appropriate responses for the industry. Membership will be based on company type and revenue. Traditional CompTIA solution provider members will have a membership fee that is very affordable and offers a compelling return on investment.
How long will it take to realize ROI from the CompTIA ISAO?
The opportunity to realize ROI will be immediate. It will also be dependent on the level of engagement the member puts forth. Those members that actively collaborate and share will realize the quickest ROI through understanding and action on near real-time threats. By raising the level of cybersecurity resilience across our industry, we will all realize a relatively quick ROI in the form of more secure technology organizations and through them a more secure SMB end user. That alone will impact millions of computer users around the world.
Any final thoughts you’d like to share?
The CompTIA ISAO could not be coming to the market at a better time. As the pandemic crisis has shown us, this is tech’s time to shine. That is not without increased risk. The bad actors have seized upon this time to launch new hacking and phishing campaigns on scales not previously seen. The amount of people working remotely has reached levels never expected. We expect many of these remote workers will remain so once the immediate pandemic threat has passed. This creates new realities for IT infrastructure that demands a higher level of cybersecurity. To meet these and other challenges, the CompTIA ISAO will equip organizations with cybersecurity education, events, information, intelligence, and research that has not previously been available. We will improve the cybersecurity resilience of the industry in ways not previously leveraged to help make our industry and industries worldwide more secure.