Working Groups

RH-ISAC offers nearly 20 working groups for members to collaborate and focus on particular issues. Groups meet on a regular basis via online platforms.

Domain-Specific Groups

Working groups are domain-specific and focus on sharing knowledge, use cases, and best practices in a given subject area.

shield-icon-teal

Dark Web

This is a specialized group dedicated to identifying, tracking, and indexing sellers and threat actors that target the retail and hospitality industries. Working at an elevated TLP level with stricter guidelines, the group may share more sensitive internal data, with the goal of making intelligence actionable for organizations.

gift card

Gift Card Fraud

This group of retailers is dedicated to gathering collective intelligence on gift card extortion, using relevant data to build cases for law enforcement investigations, and sharing best practices on prevention and detection controls as well as fraud team(s) roles, responsibilities, and organizational alignment.

fraud

Fraud

This group is dedicated to preventing and detecting fraud and all the ways it manifests as a cyber threat against organizations and customers in the retail and hospitality sector. This includes sharing intelligence on ATO, bots, ransomware, phishing, refund-as-a-service and loyalty fraud, and domain takedowns/imposter sites; as well as best practices on fraud security controls, and detection tools.

Identity & Access Management (IAM)

Participants in this group share their company’s IAM journey for the enterprise, customers, or both. Topics include multi-factor authentication (MFA), privileged access management (PAM), customer identity access management (CIAM), role-based access controls (RBAC), just-in-time provisioning, and other zero-trust architecture-aligned IAM principles, as well as single sign-on related concerns.

Incident Response (IR)

This group brings IR teams together to discuss strategies, share experiences, tools, and general sharing of intel and information. The group also shares best practices, playbooks, methodologies, and experiences, as well as collaborating on incident investigations, threat hunts, and tabletop exercises.

Automated Alerts

MISP

The MISP Working Group primarily supports the RH-ISAC's efforts to advance its MISP instance’s content and functionalities based on member needs and interest in order to further support member collaboration and threat sharing.

secure, automated reports to optimize your cybersecurity

Operational Technology

This group is for retailers who have manufacturing capabilities or use hardware and software to monitor production operations discuss unique security challenges, including the internet of things (IoT), remote access for employees and third-party support, network segmentation strategies, and measuring OT risk.

Risk Management

The group seeks to build meaningful and mutually beneficial relationships with cybersecurity professionals who focus on governance, risk, and compliance (GRC) within their organizations. This community is interested in developing key risk indicators (KRIs), business resiliency, cyber risk quantification, cyber insurance, and governance tools, and cloud governance practices.

Security Architecture

This group is for security architects to discuss high level topics regarding security architecture and their infrastructure.

sharing

Security Awareness

This group is dedicated to educating and training employees on information security best practices and developing a security-minded culture within their organizations. Topics include phishing program strategies, building a security champions program, leveraging threat detection tools to identify risky behavior, and planning initiatives for Cybersecurity Awareness Month.

tools

Security Tools & Technology

This group focuses on evaluating and optimizing security tools and technologies to enhance cybersecurity defenses. It assesses existing solutions, explores new technologies, and identifies opportunities to improve efficiency. Topics include selecting and integrating tools, evaluating emerging technologies, and optimizing systems to address evolving threats. The group also monitors industry trends, discusses the future of security, and collaborates on recommendations for stronger infrastructures.

Vulnerability

Vulnerability Management

This group is dedicated to identifying, evaluating, prioritizing, and mitigating vulnerabilities to protect the modern expanded attack surface. Sharing these best practices helps prioritize potential risks so companies can allocate resources to mitigate vulnerabilities before they become exploited. Other discussion topics include system ownership, application dependencies, secure CI/CD pipeline, and change management.

Special Interest Groups

Special interest groups are unique to personnel roles and responsibilities or industry sectors.

Analyst Community

Nearly 2,500 analysts, threat hunters, and security engineers share real-time cyber intelligence on incidents, threats, vulnerabilities, and associated remediation tactics in this community. The RH-ISAC hosts a Weekly Intelligence call every Tuesday at 1 p.m. ET where members report on the threat landscape.

Collaboration

BISO Community

This group is for to business information security officers (BISOs) who are seeking to better understand organizational alignment, key job functions, required skillsets of the role, as well as the data sources and metrics needed to build and measure the success of a BISO program.

Team Icon

CISO Community

More than 350 CISOs, deputies, and level-equivalents are highly engaged in sharing strategic and operational knowledge for maturing their information security teams. Surveys and requests for information (RFI) provide peer insights on topics related to risk management, security architecture, and resource management.

Consumer Goods

This group focuses on the unique business risks of manufacturing within retail, hospitality, travel, and consumer goods, including working with third parties, business resiliency, doing business in China, and third-party breach playbooks.

suitcase

Hospitality and Travel

This group's main objectives are to help coordinate and foster closer collaboration between members, share intel, countermeasures, strategies, and best practices in the hospitality and travel sector.

merger

Mergers, Acquisitions & Divestitures

This group focuses on approaches to handling cyber diligence and integration planning for acquisitions and divestitures, including discussions about building in-housing vs buying outside support for cyber diligence, creating a cyber integration plan in partnership with the business and IT, calibrating the plan for different integration strategies, and more.

Restaurants

This group’s main objectives are to help coordinate and foster closer collaboration between members, share intel, countermeasures, strategies, and best practices unique to restauranteurs.

Small Cyber Teams

Designed for organizations with less than $2 billion in annual revenue, this group discusses how to build and establish an information security program despite common challenges with budget and resources. Topics include staff prioritization, maturity road-mapping, tools and integrations, and security operations fundamentals.

Join your peers at RH-ISAC

Only RH-ISAC members have exclusive access to sector-specific threat intelligence and reports, helping you to strengthen your cybersecurity team.

Become a member