Why Join the ISAlliance?

The Internet Security Alliance is a non-traditional trade association because we provide our membership with an exclusive suite of services specifically designed to aid in protecting their assets and their corporate brand, and in assuring adherence to legal and industry standards and practices. These services run the gamut from technical information sharing and corporate risk management to developing model practices and language for service agreements and contracts. The ISAlliance takes pride in staying ahead of the curve and maintaining vigilance in the face of constantly changing threats and vulnerabilities. In response, the ISAlliance is constantly evaluating new services to provide our members. By increasing our membership's return on security investments, we use market incentives to motivate increased security. We believe this is the only sustainable way to improve cyber security.
Cyber Security is not an IT problem, if it ever was. Just as the Internet does not respect national boundaries, neither does it respect corporate divisions.

Continuing to Grow and Adapt

When the ISAlliance began, our primary service was providing access to CERT/CC threat, vulnerability, and incident information. We operated a uniquely valuable information-sharing program and provided significant benefits to our members by providing warnings about cyber security incidents -- from Nimda to Slammer -- weeks and months ahead of the exploits. As a result, most ISAlliance members were able to sidestep these incidents.
However, we quickly realized that simple information sharing, even with the best information available to the private sector, was not enough. We have maintained our efforts to evaluate our service offerings and adapt to the changing world of information technology. Since 2001, our services have evolved to include best practices, standards and metrics development, market incentives to motivate better security, public policy advocacy and demonstration of effective corporate models.
In 2006 and 2007, we've continued our work in advancing the market incentive agenda to the U.S. Government. With the publication of the National Infrastructure Protection Plan in June 2006, it is now National Policy to provide incentives to private industry to secure the Critical Infrastructures and Key Resources of the United States. We started a new program, the Enterprise Integration Program, to integrate security throughout corporate structures by examining complex compliance issues, such as Outsourcing Risk Management, Breach Notification, and Incident Handling, through a multidisciplinary perspective considering Technical, Legal/Regulatory, Business Operational, and Policy issues. As we look ahead in 2007, we are exploring new services and products to maintain our commitment to promoting sound information security.

