Steve:

Information on the Financial Sector's ISAC.  Key question is will we qualify 
for membership - see para 3.  
If we qualify as a "designated financial services exchange and finance sector 
utilities" this ISAC will work for us.  
If not, I recommend we join the Oil & Natural gas ISAC.  I will forward 
information on NERC's process shortly - Pete


 Frequently Asked Questions

 WHO OWNS THE FS/ISAC?
 The FS/ISAC and the data in the FS/ISAC is owned by the members through the 
FS/ISAC, LLC
 (Limited Liability Corporation) created to manage the ISAC process for 
Financial Services. The
 FS/ISAC is operated by Global Integrity Corporation, a wholly owned 
subsidiary of SAIC.

 WHO ARE GLOBAL INTEGRITY AND SAIC? (Global Integrity is now owned by 
Predictive SYstems Inc.)
 Global Integrity is an information security service provider to commercial 
clients around the world. It
 provides a full complement of information protection, electronic commerce 
security, consulting, and
 engineering services worldwide. Global Integrity Corporation is a wholly 
owned subsidiary of SAIC
 (Science Application International Corporation), the largest employee owned 
research and engineering
 company in the US. Since 1969, SAIC scientist and engineers have worked to 
solve complex technical
 problems in the healthcare, telecommunications, national security, financial 
services, transportation,
 energy, and the environment. With annual revenues approaching $5 billion, 
SAIC and its subsidiaries
 have more than 38,000 employees in 150 cities worldwide.

 WHAT ARE THE MEMBERSHIP REQUIREMENTS?
 Membership is open to the following categories of US entities registered, 
and in good standing, with
 their appropriate regulators: 

      FDIC Insured Bank 
      NASD Licensed investment firm 
      Designated Financial Services exchanges and finance sector utilities 
      Specialized US or State licensed banking companies 
      US or State Licensed Insurance companies 

Membership will be granted to an applicant only after third-party 
verification is completed by the
 FS/ISAC, LLC. 

 WHO HAVE ACCESS TO THE FS/ISAC?
 Financial Services companies who become members of the FS/ISAC, LLC. 

 WHO ARE THE CURRENT MEMBERS?
 Anonymity of members is key to obtaining industry-wide cooperation. The 
member list of the FS/ISAC
 has not and will not be released to anyone. Membership is strictly confined 
to eligible financial service
 applicants as defined by the FS/ISAC, LLC Board of Managers. 

 HOW DOES MY COMPANY BECOME A MEMBER?
 Accessing all materials to become a member is easy. The enrollment process, 
procedures,
 membership agreement, and eligibility form may be obtained from the FS/ISAC,
s web site,
 www.fsisac.com, or by calling our offices at (888) 660-0134. 

 HOW MUCH DOES IT COST TO JOIN THE FS/ISAC?
 Membership fees range from $13,000 to $125,000 depending on the membership 
level selected. 

 HOW DOES THE FS/ISAC WORK?
 For the first time, information security professionals may anonymously share 
in an industry wide
 database of electronic security threats, vulnerabilities, incidents and 
solutions. Members voluntarily will
 report information to the database on either an anonymous or attributed 
basis. Input will be analyzed
 by security specialists for potential solutions and, depending on the 
seriousness of the case, the
 FS/ISAC will distribute an alert to members.

 WHAT IS THE VALUE PROPOSITION TO MY COMPANY?
 There are a number of value added features for each member:

      Early Notification 
      Relevant Information 
      Industry-wide Vigilance 
      Subject Matter Expertise 
      Anonymous Information Sharing 
      Trending, Metrics, Benchmark Data 

 HOW SECURE IS THE FS/ISAC FACILITY?
 The location or locations of the FS/ISAC are secret. The FS/ISAC is 
physically secured and the facility
 is operated remotely. The various components of the FS/ISAC system are 
protected through
 state-of-the-art security techniques, including constant monitoring for 
unauthorized attempts to access
 or alter the system.

 HOW MANY INCIDENTS, THREATS, VULNERABILITIES AND SOLUTIONS ARE CURRENTLY IN
 THE FS/ISAC DATABASE? 
 Information in the database comes from FS/ISAC members, US Government 
agencies, hardware and
 software vendors, and other sources. While the exact number of incidents 
submitted is confidential,
 there have been over 820 entries related to general threats, vulnerabilities 
and solutions impacting the
 critical information infrastructure at large. 

 DOES THE US GOVERNMENT HAVE ACCESS TO FS/ISAC REPORTS?
 No. US Government agencies, such as NIPC, submit information but cannot 
access data.

 HOW IS THE FS/ISAC FUNDED? 
 The FS/ISAC is a private-sector partnership of FS/ISAC, LLC members. 
Membership fees are the sole
 source of funding. Global Integrity provided the start-up funding.

 HOW MANY INCIDENTS WILL BE REPORTED? 
 Since Banking and Finance is the first sector to establish an ISAC, there 
are no historical data from
 which to derive traffic statistics. For the first time, financial services 
companies can share incident
 information via the FS/ ISAC. Some members may choose to share data with 
attributions. Many are
 likely to submit data with complete anonymity. Over time, it is expected the 
database will be
 extensive. 

 HOW WILL THE FS/ISAC DATA BE USED?
 The FS/ISAC data will be used to share incident information among members in 
near-time. The data
 will also be used to develop trending and benchmarking information for the 
benefit of the members. 

 WOULD THE FS/ISAC PREVENT A VIRUS LIKE MELISSA OR WORM.EXPLOREZIP?
 No, it would not prevent a virus or deliberate hacker attack from happening. 
It would, however, give
 members an alert or early warning notice and offer known patches or solution 
recommendations. It
 would enable members to respond quickly to avoid or limit potential damage.

 WHAT IS THE DOWNSIDE RISK OF NOT JOINING THE FS/ISAC?
 You would not avoid the expense or loss of reputation of an unexpected 
incident or attack about which
 the FS/ ISAC would have warned you. You would not have access to the 
near-time database or expert
 analysis that is available to members. 


 For more Information, visit the FS/ISAC,s web site: www.fsisac.com or call: 
(888) 660-0134
 ISAC-FAQ031000