There's nothing like a series of denial of service attacks to bring longtime foes closer. Nineteen information technology companies, including Microsoft, IBM, AT&T, Cisco Systems, Computer Associates, Intel, Oracle, and Symantec, founded the Information Sharing and Analysis Center for Information Technology (IT-ISAC), a not-for-profit corporation, which facilitates the exchange of information on security threats and issues among its members.
"The basic idea is to try to use the intelligence that's gathered to head off and better predict (security) issues," says Harris Miller, president of the San Mateo, Calif.-based Information Technology Association of America, a trade association representing the IT industry.
The ITAA helped form the IT-ISAC group. The organization was also partially formed in response to Presidential Decision Directive 63, which advanced a public-private sector plan for critical infrastructure protection. To establish the information sharing the founding companies also worked with the U.S. Department of Commerce.
Unlike organizations such as the National Infrastructure Protection
Center (www.nipc.gov), CERT Coordination Center (www.cert.org), or the System Administration Networking and Security Institute (www.sans.org), which broadcast security information to the public, IT-ISAC will share it only among members.
IT-ISAC will also allow any other qualified information technology company to join by paying a $5,000 annual fee. "IT-ISAC set a low enough fee so it's not a barrier to membership," Miller says. They will have full access to any information shared and distributed within the group.
Besides giving small information technology companies a security advantage, other small businesses will benefit from more secure products and services and a more secure Internet environment.