Browse Definitions :
Definition

Cybersecurity Information Sharing Act (CISA)

Cybersecurity Information Sharing Act (CISA) is proposed legislation that will allow United States government agencies and non-government entities to share information with each other as they investigate cyberattacks. Sharing is voluntary for participating organizations outside the government.

Currently, a number of U.S. regulatory frameworks impede sharing. For example, should a hospital in the United States came under attack, hospital administrators could be prevented from sharing information with government agencies because of privacy restrictions in the Health Insurance Portability and Accountability Act (HIPAA).

Under CISA, the Director of National Intelligence and the federal departments of Homeland Security, Defense and Justice are required to work together and develop procedures for sharing cybersecurity threat information. Non-federal entities will be required to remove personal information before sharing cyber-threat indicators, and the Department of Homeland Security (DHS) will be required to conduct a privacy review of received information.

Opponents of the legislation worry that the federal government will abuse how uses the information it gathers. As of this writing, the government may only use shared information to:

  • Identify a cybersecurity purpose.
  • Identify the source of a cybersecurity threat or security vulnerability.
  • Identify cybersecurity threats involving the use of an information system by a foreign adversary or terrorist.
  • Prevent or mitigate an imminent threat of death, serious bodily harm or serious economic harm, including a terrorist act or a use of a weapon of mass destruction.
  • Prevent or mitigate a serious threat to a minor, including sexual exploitation and threats to physical safety.
  • Prevent, investigate, disrupt or prosecute an offense arising out of a threat such as serious violent felonies or relating to fraud and identity theft.

This was last updated in February 2016

Continue Reading About Cybersecurity Information Sharing Act (CISA)

SearchCompliance

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • PKI (public key infrastructure)

    PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange ...

  • obfuscation

    Obfuscation means to make something difficult to understand.

  • dumpster diving

    Dumpster diving is looking for treasure in someone else's trash.

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close