Special Interest & Working Groups
RH-ISAC offers more than 20 discussion and working groups for members to collaborate and focus on particular issues. Groups meet on a regular basis via online platforms.
Security Collaboration Groups
Application Security
This working group meets on a monthly basis for an open forum discussion where practitioners and thought leaders can tackle challenges in product security, application security, and software security fields. Topics include: DevSecOps, cloud security, security champions, security by design, shifting left, and security automation tooling.
ATO Prevention
This strategic-level group is focused on identifying and promoting the adoption of group identified industry best practices regarding account takeover (ATO) threats, as well as sharing mitigation strategies.
Dark Web
A specialized group dedicated to identifying, tracking, and indexing sellers and threat actors that target the retail and hospitality industries. Working at an elevated TLP level with stricter guidelines, the group may share more sensitive internal data, with the goal of making intelligence actionable for organizations.
Identity & Access Management
This group provides the opportunity to hear from others working on identity and access management (IAM) for their enterprise, customers or both. In monthly calls, an RH-ISAC member shares their company's journey with lively Q&A that follows.
Incident Response
This group brings IR teams together to discuss strategies, share experiences, tools, and general sharing of intel and information. The group also shares best practices, playbooks, methodologies, and experiences; collaborates on incident investigations, threat hunts, and tabletop exercises.
Risk Management
This community is interested in developing enterprise risk management policies that can mitigate the impact and likelihood of attacks. In partnership with CyberGRX, the benchmark initiative allows all RH-ISAC members to complete a free self-assessment, analyze common high risk areas, and discuss strategies to improve security posture.
Security Awareness
This working group is dedicated to educating and training employees on information security best practices and developing a security-minded culture within their organizations. Bi-monthly meetings cover topics such as phishing program strategies, application and secure code training, and leveraging threat detection tools to identify risky behavior.
Security Operations
This group shares operational strategies to help improve the efficiency and effectiveness of security program capabilities. The group arranges monthly interviews of strategic leaders who share their journey in building their information security program. Each interview includes time for discussion.
Third-Party Risk Management
This working group shares insights and information for building a third-party risk management program, including how to work with internal teams to identify and assess suppliers and verify what vendors have elevated levels of privilege within your networks.
Vulnerability Management
This group is dedicated to the exchange of best practices for identifying, evaluating, prioritizing, and mitigating vulnerabilities to protect the modern expanded attack surface. A proactive approach to security allows for appropriate prioritization of potential risks so companies can allocate resources to mitigate vulnerabilities before they become exploited
Tool-Based Groups
Crowdstrike Falcon EDR
A place for users of the Crowdstrike Falcon EDR tool to ask each other questions, discuss use cases, and share best practices.
MISP
The goal of the MISP Working Group is a steady-state collaborative environment for RH-ISAC members to exchange experiences in MISP development, and to jointly mature their current MISP implementations by focus and collaboration on MISP implementation best practices. The working group is also supporting and informing RH-ISAC efforts to implement an ISAC MISP instance, based on member interest, in order to further support member collaboration and threat sharing.
SOAR
The SOAR (Security Orchestration, Automation, and Response) Users’ Group provides a forum for members to learn how others are effectively using software solutions and tools to streamline and automate security operations.
Splunk
The objective of the Splunk Users’ Group is to learn how other members are making the most effective use of Splunk. This includes ingesting RH-ISAC threat intel from TruSTAR, building detections, managing alerts, configuring custom dashboards, and integrating with other tools to increase automation.
YARA
The goal of the YARA Users' Group is to provide a collaborative community where YARA users can learn from other malware detectives, and build and share techniques and descriptions (a.k.a rules).
Industry-Focused Groups
Gaming & Hospitality Special Interest Group
The Hospitality & Gaming Special Interest Group fosters a secure, collaborative forum for gaming, hospitality, and entertainment organizations to share threat intelligence. Information shared through this special interest group will translate to detection, mitigation, and improved response capabilities to reduce business risks, protect customer accounts, and create safer experiences within our ecosystem.
Franchise Working Group
The Franchise Working Group addresses cybersecurity issues within the franchisee operating model, vendor outsourcing/solution provider support, cybersecurity framework models, and shares best practices to address challenges and increase awareness among franchisees to collectively mitigate risks.
Operational Technology Special Interest Group
The objective of the Operational Technology Special Interest Group is to provide best practice collaboration for those retailers who may have manufacturing or plant capabilities and are concerned with the unique security challenges for enabling internet of things (IoT), connective devices and technology that supports retail production operations.
Join your peers at RH-ISAC
Only RH-ISAC members have exclusive access to sector-specific threat intelligence and reports, helping you to strengthen your cybersecurity team.
