AT-5 — Contacts with Security Groups and Associations

Stay connected with external security groups, professional associations, and information-sharing communities. You cannot know everything — leverage the security community's collective knowledge.

Example 1: Join the FBI InfraGard program (free for US persons), your sector-specific ISAC (like the DIB-ISAC for defense contractors), and CISA's cybersecurity information sharing programs. Assign a specific person to monitor these feeds and distill relevant threats for your organization.

Example 2: Maintain memberships in professional associations like (ISC)2, ISACA, or ISSA. Attend local chapter meetings and national conferences. These connections provide early warning on emerging threats and best practices from practitioners facing the same challenges you are.