IT-ISAC (Information Technology Information Sharing and Analysis Center) is a facility founded in January, 2001 by nineteen prominent IT industry companies (including Oracle, IBM, EDS, and Computer Sciences) to serve as a central repository for security-related information. The group's purpose is to share each organization's information about security attacks and vulnerabilities among all the members. Member companies are expected to report information concerning security problems that they have or solutions to such problems that they have found. IT-ISAC should increase security levels and decrease monetary losses for its membership, at a time when - according to FBI estimates - the average security attack can cost an organization $400,000.
President Clinton, in May of 1998, issued Presidential Decision Directive 63, appealing to US industry leaders to form information sharing and analysis groups to protect the nation's critical infrastructures against attacks, and establishing that purpose as a national security policy. Because much of the nation's infrastructure is privately owned and operated, effective security measures depend upon collaboration between the public and private sectors. In response to the directive, the Financial Services industry formed FS-ISAC (Financial Services Information Sharing and Analysis Center) in 1999. The effectiveness of the new group was demonstrated in February of 2000, when it saved its membership from falling victim to the widespread denial of service attacks that affected much of the industry.
IT-ISAC is modeled on the financial services group, which distributes much of its information anonymously. Anonymity helps members to be more comfortable sharing information in a traditionally competitive industry where the security of organization-critical information has been very closely guarded.