Establishing an Information Sharing and Analysis Organization

AWR381 – 8.00 Hours


EC AWR381 47 Register

This schedule is subject to change without notice. If you have not received confirmation of the class prior to the class start, please contact the division at or [email protected] to get the latest schedule.

Course Description

Cyber-attacks occur more frequently and have become increasingly sophisticated. Cybersecurity events now have the potential to significantly disrupt the business operations of government and critical infrastructure services. Public and private sectors, in the United States, are at increasing and continual risk of surprise attacks from nation-state and non-state actors. (Burgess, 2018)

The growing Information Sharing and Analysis Organization (ISAO) ecosystem provides an opportunity to empower the nation to become more educated and effective in preventing, detecting, and responding to the increasingly sophisticated landscape of cyber threats. There are considerable challenges with the vast quantity of information, the complexities of analysis, and the uncertainties of sharing data with a large network of organizations.

In the 2016 National Preparedness Report, 88% of states and territories indicated a high prioritization of cybersecurity, with only a 13% proficiency in that capability. Likewise, 86% of states and territories ranked intelligence and information sharing as a high priority, with a reported 57% proficiency in that capability. The establishment of an ISAO is a critical step to improve both of these capabilities.

Executive Order 13691 encourages the formation of ISAOs, and states that “organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States”. At the end of this course, participants should possess the fundamentals needed to design and develop an Information Sharing and Analysis Organization (ISAO) for states, locals, tribes, and/or territories (SLTTs). It addresses what the ISAO is, how it is used, who should participate in the design, implementation, building, and execution.

NCPC logo   UTSA CIAS logo

This course is offered by the National Cybersecurity Preparedness Consortium (NCPC) and was developed by the NCPC partner The University of Texas at San Antonio Center for Infrastructure Assurance and Security (UTSA/CIAS).  The course is funded through the DHS/FEMA Homeland Security National Training Program and is offered at no cost.


Must be a U.S. Citizen or Permanent Resident or receive approval from TEEX/DHS-FEMA prior to the start of the class. Please contact us for more information on the approval process.

Course Completion Requirements

Students must receive a minimum score of 70% on the course post test to receive their certificate.

Attendance Requirements

To meet attendance requirements, participants must review each training module and complete all required course assignments, activities, quizzes, and/or end of course exam.

To prevent issues during your online course, the following is recommended:

  • Broadband connection
  • Current browser updated to the latest version (i.e., Edge, Chrome, Firefox, Safari)
  • Pop-ups must be enabled.
  • Adobe Acrobat Reader 7 or higher

Upon successful completion, you will be able to:

  • Explain key concepts of the cyber threat information sharing landscape
  • Summarize the essence of an ISAO
  • Explain aspects of the cyber threat information sharing ecosystem
  • Differentiate between ISAO creation drivers
  • Summarize components needed to establish the purpose of the ISAO
  • Explain aspects of an ISAO membership structure
  • Summarize aspects of the ISAO’s organizational structure
  • Summarize plans supporting the ISAO business model
  • Explain how trust plays a major role for the success of the ISAO
  • Summarize why privacy and security principles must be integrated into the ISAO’s practices
  • Identify important privacy and security laws for an ISAO
  • Summarize the phases of the Information Sharing and Analysis Framework
  • Summarize various services and capabilities found in an ISAO
  • Explain how partnerships enhance ISAO capabilities
  • Explain the importance of measuring effectiveness for an ISAO
  • Develop a plan for building an ISAO

Suggested Audience

The target audience for this course are public and private sector decision makers and upper-level management, government administrators, jurisdictional and/or state officials, technical and information security personnel involved with establishing an ISAO. This includes anyone associated with a Security Operations Center (SOC), Network Operations Center (NOC), or operations as well as partnering organizations.

Other Information

After registering for this online course, you will receive an email with instructions for getting started. If you do not receive a confirmation within one hour, please contact us.

Government Programs

Contact Information

Business & Cyber Solutions
Phone: (979) 431-4837
Email: [email protected]