Retail ISAC

The Retail Information Sharing & Analysis Center (ISAC) component of the R-CISC functions as a forum for retailers to share threat information and leading practices with each other to enhance the security of the retail industry’s networks and protect consumer data.  This threat information includes, but is not limited to:

  • Cyber Observables – a description of threat/attack activity observed including all known resources used
  • Indicators – specific attributes defining known or suspected threat activity
  • Incident – details associated with the “who, what, where” of a particular threat (the targeted sector, the type/nature of data exfiltrated, etc.)
  • TTP – tactics, techniques, or procedures of a particular threat
  • Target Exploit – data identifying the actions the threat(s) may take or have taken against or on a victim’s system/network, and particular weaknesses that a threat may seek to leverage or exploit
  • Campaign – data suggesting motive of the threat actor or type of attack in order to aid in better detection and prevention of future threat activity
  • Threat Actor – data helpful to the identification of bad actors in order to aid in better detection and prevention of future threat activity
  • Course of Action – information detailing processes and practices for detection, prevention, mitigation, or remediation of threat activity

The Retail ISAC is presently staffed by dedicated analysts, who are tasked with processing and distilling information about real-time cyber threats, such as new strains of malware, underground criminal forum activity, or potential software vulnerabilities.  The Retail ISAC analysts, supported by a team of specialists housed at the National Cyber-Forensics & Training Alliance (NCFTA), translates this information into actionable intelligence, in the most usable and timely form for retailers.  Via the NCFTA and other relationships, anonymized information is also shared with federal government and law enforcement entities, such the U.S. Department of Homeland Security, U.S. Secret Service and the Federal Bureau of Investigation.

Retail ISAC