Petya Provides Context for Briefing Council on Foreign Relations
It appears the dust was just settling from the global impact of the WannaCry ransomware attack when a new culprit Petya (or not Petya) struck. Among the disturbing characteristics of these attacks is their vast international impact. Desperate for a silver lining, this happens to be a great backdrop for my previously scheduled briefing digital […]
ISA TO BRIEF COUNCIL ON FOREIGN RELATIONS ON CYBERSECURITY
(WASHINGTON, D.C.) – Internet Security Alliance President Larry Clinton will be the featured speaker at the meeting of the Council on Foreign Relations Roundtable on Digital Policy at noon, June 29th. Mr. Clinton will speak on “US Government Efforts to Improve Cyber Security” “The latest massive cyber-attacks only highlight the need for industry and government […]
Maintaining Cybersecurity During Mergers & Acquisitions
Mergers and acquisitions are risky times. Headlines treat the combination of companies as job done after the announcement, but insiders know combining operations is no easy task. These days, add cyber risk to the list of prime considerations companies should weigh before, during, and after any M&A decision. Companies involved in transactions are often prime […]
Board Directors Need to Have Discussions on Which Risks to Avoid, Which Risks to Accept, and Which to Mitigate Through Insurance
Total cybersecurity is an unrealistic goal. Cybersecurity is a continuum requiring strategic decision-making about where and how to spend security dollars. Attempting to guard every system equally is a recipe for exhausting the budget on low-priority systems. And it’ll result in bad security, since the company’s crown jewels will lack the sophisticated protections they need. […]
Directors Need to Set the Standards and Expectations for Management to Establish Well-Staffed and Well-Funded Cyber-Risk Framework
Much like any response plan, a cybersecurity framework is only successful if it is well-staffed and well-funded. Otherwise, it simply will not be able to adequately handle the stresses caused by a breach. In a world where malware and ransomware are increasing both in frequency and severity – Wannacry, for example, affected 200,000 computers in […]
Boards Need Access to Adequate Cybersecurity Expertise – And Need to Give it Adequate Time on Meeting Agendas
Cyber literacy can be considered similar to financial literacy – not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business. As we all know, cybersecurity is very much a moving target. The threats and vulnerabilities change almost daily, and the […]
Boards Need to Be Aware of Evolving Cyber-Legal Landscape
Boards of directors face several versions of risk from cyber breaches. Obviously, there is the risk of loss or manipulation of the data. There is also a risk of reputational loss. However, regardless of the actual data or reputational impacts boards need to be concerned about legal risks that can occur unrelated to the other […]
HHS Points The Way Forward For Improved Cybersecurity
Last month President Trump issued an Executive Order on cybersecurity that called on all federal agencies to assess their status on information security and for the leadership to take steps required to mediate threats. Last week the Department of Health and Human Services (HHS) released its Healthcare Industry Cybersecurity Task Force report, which provides a […]
ISA Workforce Development Specific Recommendations and the Presidential Commission on Enhancing National Cybersecurity
ISA Workforce Development Recommendations Source: Chapter 9 of The Cybersecurity Social Contract: Implementing a Market-Based Model for Cybersecurity Presidential Commission on Enhancing National Cybersecurity Focus A National Initiative On Building the Talent Pipeline “Attracting students into the federal government must be augmented by an aggressive strategy to build the pipeline of interest in earlier grade […]
ISA Utilities Sector Specific Recommendations and the Presidential Commission on Enhancing National Cybersecurity
ISA Telecom Sector Recommendations Source: Chapter 8 of The Cybersecurity Social Contract: Implementing a Market-Based Model for Cybersecurity Presidential Commission on Enhancing National Cybersecurity Enhance Information Sharing Between Utilities and The Federal Government “Utilities, as highly regulated entities, have a long history of collaborating with government. But there are obvious caveats. They require a better […]
