Working Groups
RH-ISAC offers more than 20 working groups for members to collaborate and focus on particular issues. Groups meet on a regular basis via online platforms.
Domain-Specific Groups
Working groups are domain-specific and focus on sharing knowledge, use cases, and best practices in a given subject area.
AI
This group is for organizations leveraging AI technologies to enhance operations, customer experiences, and security capabilities. Discussions focus on three key areas: Securing AI (protecting AI-driven systems, safeguarding data pipelines, managing vendor risks, and ensuring model integrity), AI for security (exploring how security teams can leverage AI for threat detection, response automation, and risk assessment) and attackers using AI (uderstanding and mitigating risks posed by adversaries employing AI to enhance their TTPs).
Gift Card Fraud
This group of retailers is dedicated to gathering collective intelligence on gift card extortion, using relevant data to build cases for law enforcement investigations, and sharing best practices on prevention and detection controls as well as fraud team(s) roles, responsibilities, and organizational alignment.
Fraud
This group is dedicated to preventing and detecting fraud and all the ways it manifests as a cyber threat against organizations and customers in the retail and hospitality sector. This includes sharing intelligence on ATO, bots, ransomware, phishing, refund-as-a-service and loyalty fraud, and domain takedowns/imposter sites; as well as best practices on fraud security controls, and detection tools.
Dark Web
This is a specialized group dedicated to identifying, tracking, and indexing sellers and threat actors that target the retail and hospitality industries. Working at an elevated TLP level with stricter guidelines, the group may share more sensitive internal data, with the goal of making intelligence actionable for organizations.
Identity & Access Management (IAM)
Participants in this group share their company’s IAM journey for the enterprise, customers, or both. Topics include multi-factor authentication (MFA), privileged access management (PAM), customer identity access management (CIAM), role-based access controls (RBAC), just-in-time provisioning, and other zero-trust architecture-aligned IAM principles, as well as single sign-on related concerns.
Incident Response (IR)
This group brings IR teams together to discuss strategies, share experiences, tools, and general sharing of intel and information. The group also shares best practices, playbooks, methodologies, and experiences, as well as collaborating on incident investigations, threat hunts, and tabletop exercises.
MISP
The MISP Working Group primarily supports the RH-ISAC's efforts to advance its MISP instance’s content and functionalities based on member needs and interest in order to further support member collaboration and threat sharing.
Operational Technology
This group is for retailers who have manufacturing capabilities or use hardware and software to monitor production operations discuss unique security challenges, including the internet of things (IoT), remote access for employees and third-party support, network segmentation strategies, and measuring OT risk.
Risk Management/Third-Party Risk Management
The group seeks to build meaningful and mutually beneficial relationships with cybersecurity professionals who focus on governance, risk, and compliance (GRC) within their organizations. This community is interested in developing key risk indicators (KRIs), business resiliency, cyber risk quantification, cyber insurance, and governance tools, and cloud governance practices.
Security Architecture
This group is for security architects to discuss high level topics regarding security architecture and their infrastructure.
Security Awareness
This group is dedicated to educating and training employees on information security best practices and developing a security-minded culture within their organizations. Topics include phishing program strategies, building a security champions program, leveraging threat detection tools to identify risky behavior, and planning initiatives for Cybersecurity Awareness Month.
Security Tools & Technology
This group focuses on evaluating and optimizing security tools and technologies to enhance cybersecurity defenses. It assesses existing solutions, explores new technologies, and identifies opportunities to improve efficiency. Topics include selecting and integrating tools, evaluating emerging technologies, and optimizing systems to address evolving threats. The group also monitors industry trends, discusses the future of security, and collaborates on recommendations for stronger infrastructures.
Vulnerability Management
This group is dedicated to identifying, evaluating, prioritizing, and mitigating vulnerabilities to protect the modern expanded attack surface. Sharing these best practices helps prioritize potential risks so companies can allocate resources to mitigate vulnerabilities before they become exploited. Other discussion topics include system ownership, application dependencies, secure CI/CD pipeline, and change management.
Special Interest Groups
Special interest groups are unique to personnel roles and responsibilities or industry sectors.
Analyst Community
Nearly 2,500 analysts, threat hunters, and security engineers share real-time cyber intelligence on incidents, threats, vulnerabilities, and associated remediation tactics in this community. The RH-ISAC hosts a Weekly Intelligence call every Tuesday at 1 p.m. ET where members report on the threat landscape.
BISO Community
This group is for to business information security officers (BISOs) who are seeking to better understand organizational alignment, key job functions, required skillsets of the role, as well as the data sources and metrics needed to build and measure the success of a BISO program.
CISO Community
More than 350 CISOs, deputies, and level-equivalents are highly engaged in sharing strategic and operational knowledge for maturing their information security teams. Surveys and requests for information (RFI) provide peer insights on topics related to risk management, security architecture, and resource management.
Consumer Goods
This group focuses on the unique business risks of manufacturing within retail, hospitality, travel, and consumer goods, including working with third parties, business resiliency, doing business in China, and third-party breach playbooks.
Gaming
This group fosters closer collaboration and sharing between members in the gaming sector. It also welcomes participation from partner organizations in the sector, notably Tribal-ISAC and the International Gaming Standards Association (IGSA), as well as the American Gaming Association (AGA). The group also plans an annual workshop that coincides with the AGA’s Global Gaming Expo (G2E).
Hospitality and Travel
This group's main objectives are to help coordinate and foster closer collaboration between members, share intel, countermeasures, strategies, and best practices in the hospitality and travel sector.
Mergers, Acquisitions & Divestitures
This group focuses on approaches to handling cyber diligence and integration planning for acquisitions and divestitures, including discussions about building in-housing vs buying outside support for cyber diligence, creating a cyber integration plan in partnership with the business and IT, calibrating the plan for different integration strategies, and more.
Restaurants
This group’s main objectives are to help coordinate and foster closer collaboration between members, share intel, countermeasures, strategies, and best practices unique to restauranteurs.
Small Cyber Teams
Designed for organizations with less than $2 billion in annual revenue, this group discusses how to build and establish an information security program despite common challenges with budget and resources. Topics include staff prioritization, maturity road-mapping, tools and integrations, and security operations fundamentals.
Join your peers at RH-ISAC
Only RH-ISAC members have exclusive access to sector-specific threat intelligence and reports, helping you to strengthen your cybersecurity team.
