Top 25 ISA Accomplishments in 2017

May 3, 2018

  1. For the second year in a row, ISA President Larry Clinton is selected to the “Corporate 100” list of most influential Americans in the field of corporate governance. Clinton is the first cybersecurity professional named to the list.
  1. The National Association of Corporate Directors (NACD) co-hosts with ISA a press conference at the National Press Club, to promote the publication of the NACD Cyber-Risk Oversight Handbook 2.0. Representatives from both Departments of Homeland Security and Justice join NACD and ISA in promoting and discussing the benefits of the Handbook.
  1. The US Departments of Homeland Security and Justice endorsed the second edition of the ISA-NACD Cyber-Risk Oversight Handbook for Corporate Boards. Both departments provided an appendix to be included in the Handbook on government resources for cybersecurity.
  1. BSI, the cybersecurity lead agency for the Federal Republic of Germany, agrees to cosponsor ISA’s joint program with NACD to develop a German version of the Cyber-Risk Oversight Handbook for Corporate Boards. With publication of the German edition, ISA’s best practices for corporate boards will have been endorsed by both the major western economic superpowers.
  1. ISA will co-host, with NACD and their European affiliates – the GDNI – the First Global Forum on Cybersecurity, specifically targeting corporate boards. The event will take place in Geneva, Switzerland in April of 2018. It is hoped that this event will provide a springboard for further international collaboration on international cybersecurity policy at the board level.
  1. ISA is selected by the IT Sector Coordinating Council (IT SCC) to be the co-lead with the Department of Homeland Security Infrastructure Protection Directorate in a new program to investigate and provide proposals to the White House and OMB on how to streamline cybersecurity regulations. IT SCC had previously endorsed regulatory streamlining (an ISA goal) as a goal for the sector and DHS has agreed that it is now a joint government goal as well.
  1. ISA and the National Association for Corporate Directors held our second Cyber Summit for corporate board members in Chicago. A dozen ISA board members were featured speakers. ISA also hosted an invitation-only dinner for NACD’s Leadership Council of Directors.
  1. ISA, in conjunction with the German Government (BSI), hosts a workshop on cybersecurity for German Boards of Directors. The event is the second stage in a program ISA is conducting, in conjunction with the National Association of Corporate Directors and the Global Network of Directors Institutes, culminating in the first Global Cyber Forum in Geneva (April 2018). The Frankfurt event was focused on adapting the Cyber-Risk Oversight Handbook for Corporate Boards, which ISA created for NACD, to the German context. BSI Director Arne Schönbohm provided the keynote and endorsed the Handbook program.
  1. ISA hosts cyber workshops for corporate boards in London. The London event is like the Frankfurt event as both are attempting to adapt the Cyber-Risk Oversight Handbook, created with NACD in the US, to the unique environments in Germany and the UK. Robert Hannigan, Former Director, GCHQ keynotes the London event.
  1. ISA signs a new 5-year deal with DLA Piper to provide all ISA sponsors access to a revitalized version of CyberTrak (mapping cyber laws and regulations across 21 major world markets), free of charge to ISA sponsors until 2022. ISA will also receive a revenue share of 50% from the first $150,000 worth of CyberTrak subscriptions DLA sells, and ISA is not constrained from partnering with other third-party providers on similar services.
  1. ISA honors House Homeland Security Committee Chairman Michael McCaul with the McCurdy Award for Chairman McCaul’s work within the space. Chairman McCaul has been working with ISA for over a decade and provided a keynote address at ISA’s 15th Anniversary conference. Mr. McCaul has met with the ISA board several times, has sponsored ISA briefings before the Congressional Cybersecurity Caucus, and is perhaps the most prolific and positive cybersecurity legislator in Congress.
  1. ISA President Larry Clinton receives the Cyber Futures Award.
  1. ISA conducts annual board member evaluations, resulting in great performance ratings across the board, and achieves a 100% renewal rate from sponsoring companies from 2016 to 2017.
  1. Leidos joins ISA as 21st sponsor company.
  1. ISA revamps and publishes a new, modern website that promotes ISA’s thought leadership and policy advocacy within the cybersecurity space.
  1. In the first response to the President’s Executive Order on cybersecurity, the Department of Health and Human Services released its report, endorsing ISA’s recommendations, including calling for Executive level training following the NACD model, offering several market incentives to promote cybersecurity, calling for streamlined cyber regulations, and aggressive workforce development.
  1. ISA enters into a project with analytics firm, Contexture, to attempt to rationalize and track the plethora of cybersecurity regulations, specifically for the financial services sector. ISA board sponsor, USAA, is participating as subject matter experts to help identify the various regulatory bodies that oversee the financial services sector. ISA has received interest from multiple sectors for cybersecurity regulatory realignment and, should the project go well, ISA may extend the analysis of the cybersecurity regulatory environment to other sectors.
  1. ISA hosts the Cybersecurity Council of Germany (CSCG) in a joint conference at the National Press Club in Washington DC to conclude Cybersecurity Awareness month. The Press Club event serves as the kickoff for ISA’s joint program with NACD to develop international versions of the ISA-produced, NACD-published Cyber-Risk Oversight Handbook for Corporate Boards. The next phase of this project will conclude at the first Global Cyber Conference for Corporate Boards to be held in Geneva in April 2018, co-sponsored by ISA and NACD. The event also highlights how the two democratic superpowers must bridge differences on protecting critical infrastructure and personal privacy.
  1. ISA produced a series of memos for the Senate and House Committees with jurisdiction over cybersecurity policy, focused on how each Committee can execute, within their jurisdictions, President Trump’s Executive Order on Cybersecurity (EO 13800). ISA issued and circulated these memos to the Committees within 24 hours of President Trump releasing his executive order. Within these memos, ISA highlighted how EO 13800 aligned with ISA’s recommendations as articulated in The Cybersecurity Social Contract, 2016 version.
  1. The Better Business Bureau appoints ISA President Larry Clinton, on behalf of the Association, to the Advisory Board for the Small Business Cybersecurity Institute. The Institute’s mission is to assist small businesses in better understanding and managing the evolving cyber threat. One of ISA’s principal goals, as stated in its 2017 edition of The Cybersecurity Social Contract, is to increase cybersecurity in smaller institutions.
  1. Wharton School at the University of Pennsylvania asks the ISA to design and present a course in cybersecurity risk management for their Stonier Graduate program for Corporate Executives. The course is to be modeled on the NACD Cyber-Risk Oversight Handbook and targeted specifically for the financial services industry. The one-day course is scheduled to be taught at Wharton in Philadelphia as part of Stonier’s regular Executive Management series June 7-14, 2018.
  1. Congressman Tom Rooney (R-FL) works with ISA to develop language around examining the NIST Cybersecurity Framework for effectiveness and cost-effectiveness, as called for in Executive Order 13636. The language was included in the committee report for the FY 18 Commerce, Justice, and Science Appropriations bill.
  1. ISA issues a press release in support of the House Science bill, which would result in development of outcome-based metrics for federal agency implementation of the NIST Framework, calling the bill a step in the right direction for cybersecurity. House Science Committee staff are thankful and appreciative of ISA support.
  1. The House Small Business Committee reaches out and solicits ISA advice on information sharing for small businesses. ISA recommends some language revisions and additions, and connects the Committee to the Better Business Bureau. The bill would enhance cybersecurity liability protections for small businesses as well as create incentives for small businesses to increase information sharing with the government.
  1. ISA Board of Directors meets privately with Senate Homeland Security Chairman Ron Johnson (R-WI) to discuss how ISA’s regulatory streamlining project can assist in forming bi-partisan legislation to eliminate redundant or conflicting cybersecurity regulations. Chairman Johnson followed ISA’s recommendations for implementing the President’s Executive Order and held the Congress’ first hearing focused on ISA priority: streamlining cyber regulations. Chairman Johnson also indicated he would prepare legislation on this issue.
  1. ISA issues comments on NIST draft v1.1 of the Cybersecurity Framework (CSF), in partnership with the FAIR Institute, wherein ISA calls on NIST to replace the metrics language as written in the first draft of v1.1 to emphasize the strategic nature of cybersecurity’s effect on business results and to focus on independent validation of effectiveness internal to organizations, following an enterprise-wide approach to metrics that integrates the NIST CSF at the right level. ISA then participates in the NIST Workshop in May 2017 and reiterates these themes. The ISA Board of Directors also meets privately with the Director of the National Institute of Standards and Technology, Matt Barrett, to discuss how the NIST Cybersecurity Framework should be refined and NIST metrics alignment. NIST adopted ISA’s recommendations in their second draft of NIST v1.1, wherein they revise the metrics section to emphasize “self-assessment and measurement,” so that cybersecurity measurement is more supportive of high-level decision making by senior executives and oversight by boards of directors. Additionally, Congressman Jim Langevin, Co-Chair of the House Cybersecurity Caucus, requested a meeting with ISA to follow up on ISA’s proposals for developing cost-benefit metrics for the NIST Framework. The ISA board meets with Rep. Langevin (D-RI) to discuss the development of cybersecurity metrics and how the Caucus can be used to better educate Members of Congress on cybersecurity.