CYBER REGULATION FACT SHEET SHOWS GOVERNMENT MANDATES ARE COUNTER-PRODUCTIVE

(WASHINGTON, D.C.) – The Internet Security Alliance today released a “Cyber Regulation Fact Sheet,” demonstrating multiple examples of how the tremendous growth in cybersecurity rules and regulations is diverting scarce security resources and actually undermining our nation’s cyber defenses. “One of the unintended consequences for organizations, like ISA who has been raising awareness of the […]

Latest Executive Order Draft Promotes Risk-Based Approach

The latest version of the draft of a cybersecurity executive order from the Donald Trump White House would direct the federal government to take a risk-based approach to IT security and hold cabinet secretaries and agency heads responsible for the security of their organizations’ IT assets. The draft executive order also would require federal agencies […]

Reform the Defense Supply Chain to Face the Realities of Conflict in the Digital Age

For centuries, we’ve operated under the principle that nations are sovereign within their own borders, with traditional rules of war clearly stating that combatants need to be identifiable military targets. Acting on this principle, a functioning government has traditionally had to raise a force more powerful than any potential rival, either internally or externally, when […]

House bill requiring cyber audits by NIST could overhaul agency’s role

Having the National Institute of Standards and Technology audit other federal agencies’ cybersecurity practices is not a matter of NIST “stepping up” its game, as House Science Chairman Lamar Smith (R-TX) said this week – rather it would be a matter of dramatically redefining NIST’s role and relationship with other federal entities. The Science panel’s […]

ISA SEES BILL ON NIST FRAMEWORK AS STEP IN THE RIGHT DIRECTION

(WASHINGTON, D.C.) – The Internet Security Alliance said today that the legislation the House Science Committee is scheduled to consider this week is a step in the right direction, and that it hopes to work with the Committee to refine it as it moves forward through the legislative process. The bill calls on NIST to […]

Bill Seeks Metrics for NIST Cybersecurity Framework

Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to demonstrate the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered – and likely amended – at a markup session of the House Science, Space and Technology Committee on March 1. The measure, known as the NIST Cybersecurity […]

Why Isn’t There An Academy Awards Ceremony for Cybersecurity

Let me spare you the suspense, because we don’t deserve one. Most people who have become aware of cybersecurity in the past few years think we are talking about credit cards, passwords, and firewalls. Really? I give these rookies a pass. The real fault lies with those of us, including myself, who have been toiling […]

Cyber Risk Management Guidance for Corporate Directors

Cyber risk management is an increasingly important challenge for organizations of all kinds and sizes. Corporate directors have a legal responsibility to ensure that their corporations have appropriate cyber risk management policies and practices and are prepared to respond effectively to cyber incidents. Corporate directors can obtain helpful guidance from regulators, industry associations and other […]