RH-ISAC offers nearly 20 working groups for members to collaborate and focus on particular issues. Groups meet on a regular basis via online platforms.
Domain-Specific Working Groups
Working groups are domain-specific and focus on sharing knowledge, use cases, and best practices in a given subject area.
This is a specialized group dedicated to identifying, tracking, and indexing sellers and threat actors that target the retail and hospitality industries. Working at an elevated TLP level with stricter guidelines, the group may share more sensitive internal data, with the goal of making intelligence actionable for organizations.
Gift Card Fraud
This group of retailers is dedicated to gathering collective intelligence on gift card extortion, using relevant data to build cases for law enforcement investigations, and sharing best practices on prevention and detection controls as well as fraud team(s) roles, responsibilities, and organizational alignment.
This group is dedicated to preventing and detecting fraud and all the ways it manifests as a cyber threat against organizations and customers in the retail and hospitality sector. This includes sharing intelligence on ATO, bots, ransomware, phishing, refund-as-a-service and loyalty fraud, and domain takedowns/imposter sites; as well as best practices on fraud security controls, and detection tools.
Identity & Access Management (IAM)
Participants in this group share their company’s IAM journey for the enterprise, customers, or both. Topics include multi-factor authentication (MFA), privileged access management (PAM), customer identity access management (CIAM), role-based access controls (RBAC), just-in-time provisioning, and other zero-trust architecture-aligned IAM principles, as well as single sign-on related concerns.
Incident Response (IR)
This group brings IR teams together to discuss strategies, share experiences, tools, and general sharing of intel and information. The group also shares best practices, playbooks, methodologies, and experiences, as well as collaborating on incident investigations, threat hunts, and tabletop exercises.
This group is for retailers who have manufacturing capabilities or use hardware and software to monitor production operations discuss unique security challenges, including the internet of things (IoT), remote access for employees and third-party support, network segmentation strategies, and measuring OT risk.
The group seeks to build meaningful and mutually beneficial relationships with cybersecurity professionals who focus on governance, risk, and compliance (GRC) within their organizations. This community is interested in developing key risk indicators (KRIs), business resiliency, cyber risk quantification, cyber insurance, and governance tools, and cloud governance practices.
This group is dedicated to educating and training employees on information security best practices and developing a security-minded culture within their organizations. Topics include phishing program strategies, building a security champions program, leveraging threat detection tools to identify risky behavior, and planning initiatives for Cybersecurity Awareness Month.
Third-Party Risk Management (TPRM)
This group shares information for building a third-party risk management program and works together to benchmark and assess common retail suppliers. Insights can be used to highlight which vendors are most susceptible to threats and have elevated privilege within their networks, as well as help as practitioners understand inherent risk, implement mitigating security controls, and develop an incident response plan for third parties.
This group is dedicated to identifying, evaluating, prioritizing, and mitigating vulnerabilities to protect the modern expanded attack surface. Sharing these best practices helps prioritize potential risks so companies can allocate resources to mitigate vulnerabilities before they become exploited. Other discussion topics include system ownership, application dependencies, secure CI/CD pipeline, and change management.
Tool-based groups focus on technology commonly used in security stacks.
Crowdstrike Falcon EDR
This group offers a place for users of the Crowdstrike Falcon EDR tool to ask each other questions, discuss use cases, and share best practices.
The MISP Working Group will primarily support the RH-ISAC's efforts to advance our MISP instance’s content and functionalities based on member needs and interest in order to further support member collaboration and threat sharing.
The SOAR (Security Orchestration, Automation, and Response) Users’ Group provides a forum for members to learn how others are effectively using software solutions and tools to streamline and automate security operations.
The objective of the Splunk Users’ Group is to learn how other members are making the most effective use of Splunk. This includes ingesting RH-ISAC threat intel from TruSTAR, building detections, managing alerts, configuring custom dashboards, and integrating with other tools to increase automation.
Special Interest Groups
Special interest groups are unique to personnel roles and responsibilities or industry sectors.
Nearly 2,500 analysts, threat hunters, and security engineers share real-time cyber intelligence on incidents, threats, vulnerabilities, and associated remediation tactics in this community. The RH-ISAC hosts a Weekly Intelligence call every Tuesday at 1 p.m. ET where members report on the threat landscape.
This group is for to business information security officers (BISOs) who are seeking to better understand organizational alignment, key job functions, required skillsets of the role, as well as the data sources and metrics needed to build and measure the success of a BISO program.
More than 350 CISOs, deputies, and level-equivalents are highly engaged in sharing strategic and operational knowledge for maturing their information security teams. Surveys and requests for information (RFI) provide peer insights on topics related to risk management, security architecture, and resource management.
When needed, RH-ISAC staff can organize discussions for specific industry sectors within our membership, such as fuel retailers, food retailers, gaming and hospitality, or members operating with a franchisee model.
Small Cyber Teams
Designed for organizations with less than $2 billion in annual revenue, this group discusses how to build and establish an information security program despite common challenges with budget and resources. Topics include staff prioritization, maturity road-mapping, tools and integrations, and security operations fundamentals.
Join your peers at RH-ISAC
Only RH-ISAC members have exclusive access to sector-specific threat intelligence and reports, helping you to strengthen your cybersecurity team.