Enron Mail

From:pete.gohm@enron.com
To:steven.kean@enron.com
Subject:The Financial Services Information Sharing and Analysis Center
Cc:michael.hicks@enron.com
Bcc:michael.hicks@enron.com
Date:Mon, 12 Mar 2001 05:08:00 -0800 (PST)

Steve:

Information on the Financial Sector's ISAC. Key question is will we qualify for membership - see para 3.
If we qualify as a "designated financial services exchange and finance sector utilities" this ISAC will work for us.
If not, I recommend we join the Oil & Natural gas ISAC. I will forward information on NERC's process shortly - Pete


Frequently Asked Questions

WHO OWNS THE FS/ISAC?
The FS/ISAC and the data in the FS/ISAC are owned by the members through the FS/ISAC, LLC (Limited Liability Corporation) created to manage the ISAC process for Financial Services. The FS/ISAC is operated by Global Integrity Corporation, a wholly owned subsidiary of SAIC.

WHO ARE GLOBAL INTEGRITY AND SAIC? (Global Integrity is now owned by Predictive Systems Inc.)
Global Integrity is an information security service provider to commercial clients around the world. It provides a full complement of information protection, electronic commerce security, consulting, and engineering services worldwide. Global Integrity Corporation is a wholly owned subsidiary of SAIC (Science Applications International Corporation), the largest employee-owned research and engineering company in the US. Since 1969, SAIC scientists and engineers have worked to solve complex technical problems in the healthcare, telecommunications, national security, financial services, transportation, energy, and the environment. With annual revenues approaching $5 billion, SAIC and its subsidiaries have more than 38,000 employees in 150 cities worldwide.

WHAT ARE THE MEMBERSHIP REQUIREMENTS?
Membership is open to the following categories of US entities registered, and in good standing, with their appropriate regulators:

FDIC Insured Bank
NASD Licensed investment firm
Designated Financial Services exchanges and finance sector utilities
Specialized US or State licensed banking companies
US or State Licensed Insurance companies

Membership will be granted to an applicant only after third-party verification is completed by the FS/ISAC, LLC.

WHO HAS ACCESS TO THE FS/ISAC?
Financial Services companies who become members of the FS/ISAC, LLC.

WHO ARE THE CURRENT MEMBERS?
Anonymity of members is key to obtaining industry-wide cooperation. The member list of the FS/ISAC has not and will not be released to anyone. Membership is strictly confined to eligible financial service applicants as defined by the FS/ISAC, LLC Board of Managers.

HOW DOES MY COMPANY BECOME A MEMBER?
Accessing all materials to become a member is easy. The enrollment process, procedures, membership agreement, and eligibility form may be obtained from the FS/ISAC's web site, www.fsisac.com, or by calling our offices at (888) 660-0134.

HOW MUCH DOES IT COST TO JOIN THE FS/ISAC?
Membership fees range from $13,000 to $125,000 depending on the membership level selected.

HOW DOES THE FS/ISAC WORK?
For the first time, information security professionals may anonymously share in an industry-wide database of electronic security threats, vulnerabilities, incidents and solutions. Members voluntarily will report information to the database on either an anonymous or attributed basis. Input will be analyzed by security specialists for potential solutions and, depending on the seriousness of the case, the FS/ISAC will distribute an alert to members.

WHAT IS THE VALUE PROPOSITION TO MY COMPANY?
There are a number of value added features for each member:

Early Notification
Relevant Information
Industry-wide Vigilance
Subject Matter Expertise
Anonymous Information Sharing
Trending, Metrics, Benchmark Data

HOW SECURE IS THE FS/ISAC FACILITY?
The location or locations of the FS/ISAC are secret. The FS/ISAC is physically secured and the facility is operated remotely. The various components of the FS/ISAC system are protected through state-of-the-art security techniques, including constant monitoring for unauthorized attempts to access or alter the system.

HOW MANY INCIDENTS, THREATS, VULNERABILITIES AND SOLUTIONS ARE CURRENTLY IN THE FS/ISAC DATABASE?
Information in the database comes from FS/ISAC members, US Government agencies, hardware and software vendors, and other sources. While the exact number of incidents submitted is confidential, there have been over 820 entries related to general threats, vulnerabilities and solutions impacting the critical information infrastructure at large.

DOES THE US GOVERNMENT HAVE ACCESS TO FS/ISAC REPORTS?
No. US Government agencies, such as NIPC, submit information but cannot access data.

HOW IS THE FS/ISAC FUNDED?
The FS/ISAC is a private-sector partnership of FS/ISAC, LLC members. Membership fees are the sole source of funding. Global Integrity provided the start-up funding.

HOW MANY INCIDENTS WILL BE REPORTED?
Since Banking and Finance is the first sector to establish an ISAC, there are no historical data from which to derive traffic statistics. For the first time, financial services companies can share incident information via the FS/ISAC. Some members may choose to share data with attributions. Many are likely to submit data with complete anonymity. Over time, it is expected the database will be extensive.

HOW WILL THE FS/ISAC DATA BE USED?
The FS/ISAC data will be used to share incident information among members in near-time. The data will also be used to develop trending and benchmarking information for the benefit of the members.

WOULD THE FS/ISAC PREVENT A VIRUS LIKE MELISSA OR WORM.EXPLOREZIP?
No, it would not prevent a virus or deliberate hacker attack from happening. It would, however, give members an alert or early warning notice and offer known patches or solution recommendations. It would enable members to respond quickly to avoid or limit potential damage.

WHAT IS THE DOWNSIDE RISK OF NOT JOINING THE FS/ISAC?
You would not avoid the expense or loss of reputation of an unexpected incident or attack about which the FS/ISAC would have warned you. You would not have access to the near-time database or expert analysis that is available to members.


For more Information, visit the FS/ISAC's web site: www.fsisac.com or call: (888) 660-0134
ISAC-FAQ031000