FAQs

What does FS-ISAC mean? 

The Financial Services Information Sharing and Analysis Center.

What is an ISAC? 

Information Sharing and Analysis Centers (ISACs) were created in response to Presidential Decision Directive-63 (PDD-63), signed in 1998, which called for each critical infrastructure sector to establish sector-specific organizations to share information about cyber threats and vulnerabilities. After 9/11, the mission of ISACs was expanded to include the sharing of physical threats and vulnerabilities.

ISACs are trusted entities that collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. Besides sharing threat information with members, ISACs also share information with government and other critical infrastructure ISACs. ISACs are nonprofit corporations and most belong to the National Council of ISACs (NCI).

There are 16 critical infrastructures defined by DHS and each one has a sector-specific government agency assigned to each. Examples of other ISACs include Communications, Defense Industrial Base, Electricity, Multi-State, National Health and Oil & Gas.

What does the FS-ISAC do? 

The FS-ISAC gathers threat, vulnerability, and risk information about cyber and physical security risks faced by the financial services sector around the world. Sources of information include FS-ISAC members, commercial companies who gather this type of information, government agencies, CERTs, academic sources and other trusted sources. After analysis by industry experts, alerts are delivered to participants based on their level of service.

In recent years, FS-ISAC has expanded its services to include world-class Summits throughout the globe, sector-wide and cross-sector exercises and expanded educational services and trainings. FS-ISAC has also taken on two large industry initiatives; the Financial Systemic Analysis and Resilience Center and Sheltered Harbor. These member-born initiatives are just two examples of how FS-ISAC constantly works to better defend the global financial services industry.

What information is contained in an alert? 

Members may create a profile on the FS-ISAC website to identify specific areas of interest or receive all alerts. For both physical and cyber events, alerts contain a description of the threat or vulnerability, its severity, and recommendations for solutions.

Who belongs to the FS-ISAC? 

The FS-ISAC has nearly 7,000 members in 38 countries. Examples of types of companies belonging to FS-ISAC include banks, broker-dealers, insurance companies, credit unions, payment processors, associations and more. FS-ISAC is actively recruiting members and accepting member applications from firms around the world. Member firm names are not released without member permission and no data is ever attributed to an individual member without that member's permission.

How long has the FS-ISAC existed? 

The FS-ISAC was launched in 1999 and quickly established an anonymous information sharing capability within the financial services industry. FS-ISAC has continued to evolve and offer its members more and more valuable services, including: Automated threat indicator sharing; regular threat calls, webinars, emergency member calls and events to share best practices and threat trends; all-hazards crisis response playbooks and much more. In addition, FS-ISAC has expanded its charter to better support the needs of the its members around the world.

Why is belonging to the FS-ISAC important? 

Protecting the global financial services critical infrastructure has become a priority for our industry. Each firm in our sector has the responsibility for doing its part in sharing information to protect their own firms and the financial services sector critical infrastructure. Threats and risks to the financial services sector no longer stop at country borders. Being a member of the FS-ISAC is one way your firm can help protect your clients from loss or inconvenience and support cyber security initiatives around the world.

Who is eligible to join the FS-ISAC? 

FS-ISAC membership and participants include regulated financial firms and other eligible firms in the financial services sector world-wide:

  • Banks & Credit Unions
  • Securities Firms
  • Insurance Companies
  • Credit Card Companies
  • Payment Processors
  • Mortgage Banking Companies
  • Financial Services Sector Utilities
  • Financial Services Service Bureaus
  • Appropriate Industry Associations
  • Hedge Funds
  • Security Service Providers
  • Others

How much does it cost to join? 

Pricing varies from as little as $250 per year to $50,000, depending on the size of your firm and level of service that best meets the needs of your firm. The FS-ISAC has organized into multiple levels of service in order to serve all eligible firms. Visit our Membership Benefits section to review detailed features and benefits of each level of service. FS-ISAC also offers a free membership, Critical Notification Only Participant (CNOP), for those who only wish to receive the most critical public alerts. This membership offers no access to the member portal or any of the benefits listed below. For a more comprehensive list of benefits each membership provides

Why is there a fee for being a member of the FS-ISAC? 

FS-ISAC is non-profit managed by member financial services organizations, and is entirely funded by the private sector. FS-ISAC offers a variety of value-added information sharing and analysis tools which include the following, all at no additional cost to membership (depending on membership level):

  • 24X7 Security Operations Centers around the world
  • Membership Portal
  • CINS Crisis Notifications
  • Member Submissions capability via anonymous and attributed Submissions
  • Physical and Cyber Alerts
  • Customization of Email Notification Profile
  • Submit and Participate in Member Surveys
  • Access to Industry Best Practices
  • Threat Conference Calls
  • Access to Member Contact Directory
  • Working Groups and Committees
  • Access to FS-ISAC Member Meeting Summits and Trainings

Why should my firm join? 

If you are a financial services firm, or serve the sector, you are part of the banking and finance critical infrastructure. Your firm has the responsibility for doing its part to help protect the global banking and finance critical infrastructure. The U.S. Treasury, the Department of Homeland Security, the U.S. Secret Service, and the Financial Services Sector Coordinating Council and many other associations, agencies and entities world-wide recommend membership in the FS-ISAC as one way your firm can help protect the critical infrastructure that is now truly global in nature. By joining, you enable our industry to create and maintain an effective information sharing capability and ultimately navigate its own future instead of relying on regulators to do so. While the benefits of membership are numerous, this alone is the best reason to join.

How do I become an FS-ISAC member? 

Applications for each level of service are available at our Membership Benefits section. In addition, JOIN FS-ISAC buttons are located throughout this site. For inquiries about new memberships, call 877-612-2622 – prompt 3 or email marketing@fsisac.com

After submitting an application, how long does it take for activation? 

The time between application and activation depends on a number of factors including the type of membership being applied for and the volume of applicants at the current time.

Who manages the FS-ISAC? 

The FS-ISAC Board of Directors sets the policies and rules for the FS-ISAC. FS-ISAC is a member-driven organization, managed by full-time staff of 90 people including experts who manage communities for broker-dealers, insurance companies, community institutions and credit unions, payment processors and more.