August 2014 Monthly Highlights

October 21, 2014

• POLICY— the ISA board of directors met and set two policy directions for the organization. First, regarding legislation. It was agreed that no significant cyber security legislation is likely to pass in this Congress. However, given the currently trending politics and the prospect for a GOP Congress and Democratic President in 2015 it was decided that a significant portion of the fall board meeting be devoted to possible new legislative alternatives which would be practical in the expected divided government. Second, regarding the Request for Information (RFI) on the NIST Framework released in late August. The board directed ISA to prepare comments in line with the 5 policy white papers ISA released when the Framework was released in February. These papers support the Framework but call for additional work defining goals and metrics (including beta testing) and fulfilling areas of the President’s call for the Framework to be prioritized and for cost benefit analysis to be done.

• BOARD OF DIRECTORS PROJECT – The ISA Handbook for corporate director’s analysis of enterprise cyber security has now been downloaded 15,000 times from the National Association for Corporate Directors website (NACD). The Handbook has also been endorsed by the International Association of Internal Auditors and the US Chamber of Commerce. ISA initiated a separate program to place ISA board members on other outside corporate boards.

• EUROPEAN ISA AFFILIATE – The Internet Security Alliance for Europe (ISAFE) launched its first product, a Daily Bulletin which has already reached more than 100 subscribers. ISAFE announced it will hold its first policy conference call of prospective members in September and plan its first lobbying/recruitment event in November in Brussels.