The Africa wide Information-Sharing and Analysis Centre (ISAC) is the core component of the ACRC and first of its kind in the continent.
Large scale Information Sharing about threats, vulnerabilities and best practices is the prerequisite to efficient management of cybersecurity. The continent’s Financial Institutions have to cooperate to match the fast pace of hackers, who are most often international criminal organizations looking for immediate profits. The Financial Sector is naturally one of their main targets.
Exchanging sensitive information to adapt proactively security measures needs to build a trusted network between peers. It requires to set up a community opened to national, regional and international stakeholders to drive peer-to-peer exchange in a supporting environment:
- A specific independent organization, the ISAC, which is a centre of expertise in threat and incident management,
- Processes and policies to ensure confidentiality and full control of what is disclosed and to whom,
- Technical conferences and work-groups, with close or open groups depending on the matter, to get people to know each other and work together,
- An automated Malware Information Sharing Platform (MISP) to share Indicators of Compromise (IoC),
- Exchanges with other sectorial and non-sectorial intelligence communities at the international, continental, sub-regional or local levels, including with national CERTs and Central Banks, in respect of confidentiality,
- Regular reporting, bulletin and in depth analysis to rise awareness among stakeholders,
- Large scale incident and crisis management coordination.