A key component of FS-ISAC’s mission is to help ensure the resilience and continuity of the global financial services infrastructure and individual firms against events that could significantly impact the sector's ability to provide services critical to the orderly functioning of the global economy.
As the sector grows ever more digitized and interconnected, incidents involving even one firm or a supplier have the potential to impact the global financial system.
When the sector faces a major incident, FS-ISAC provides its members with:
FS-ISAC may schedule a Spotlight Call on short notice to brief members on the available threat intelligence related to the incident, arming members with timely, actionable threat information to protect themselves and their customers. These calls include speakers with primary, direct knowledge of the incident and/or the threat actor. A Share announcement will be issued about the call, as well as a post to Connect’s Town Square in the ALL team/area. Members on the mailing list will receive an invite (contact Member Services to be added). All calls are recorded and accessible on FS-ISAC Video.
FS-ISAC publishes its own security response in From the CISO’s Desk memos. These reports offer members detailed mitigation guidance, actionable steps to strengthen controls, and external links and research to help security teams find the best solutions for their firms and programs.
FS-ISAC’s communities (also known as communities of interest or COIs) are smaller groups within the larger membership that focus on specific sub-sectors, geographies, functions, or topics. Depending on the scope and impact of the incident, relevant communities may hold ad hoc, invite-only, non-recorded calls or relay incident information via mailing lists.
The Business Resilience Committees (BRCs) assess operational risks associated with incidents and the sector’s operational resilience to the potential impacts. FS-ISAC may convene all or part of the regional Business Resilience Committee(s) depending on the scope and scale of an incident. BRC assessments help inform FS-ISAC and sector coordinating bodies on the systemic nature of the incident and potential mitigation options available from an operational perspective.
FS-ISAC operates public-private partnerships (PPPs) regarding intelligence and resilience matters around the world, with security-cleared analysts in the US and UK and intelligence liaisons in other geographies.
For intelligence-related sharing and collaboration, FS-ISAC’s Global Intelligence Office (GIO) assigns liaisons to certain PPPs to safeguard member-generated information, anonymize data when needed, and share information with the private sector as appropriate. Member intelligence is never shared with public sector partners without originator approval.
For resilience-related analysis and coordination, FS-ISAC’s Resilience team collaborates with PPPs before, during, and after incidents to understand sector risks, assess impact severity at the sector level, and share information on sector operational capabilities. The Resilience team holds regular coordination calls with PPPs to review playbooks and continuously assess and exercise operational risks.
FS-ISAC’s Media Response Team (MRT) helps to support consistent and cohesive messaging to the media in times of sector-level incidents and/or crises to preserve confidence in the global financial system. Managed by FS-ISAC’s Communications team, the MRT is composed of communications leads from Tier S and Tier 1 member firms, major sector associations, and others on an as-needed basis. The MRT functions according to the level of media attention and concern facing the sector regarding specific cyber issues.
FS-ISAC may publish public mitigation guidance on the FS-ISAC website’s Knowledge section, either based on its own internal security response or as assembled by security leadership in consultation with the intelligence team and member peers.