INTERNET SECURITY ALLIANCE

CYBERSECURITY FOR BUSINESS

Chapter 1 – Cybersecurity is (Not) an IT Issue

Chapter 2 – Effective Cybersecurity Principles for Boards of Directors

Chapter 3 – Structuring for the Digital Age

Chapter 4 – A Modern Approach to Assessing Cyber Risk

Chapter 5 – The Role of HR Functions in Scaling Cybersecurity and Building Trust

Chapter 6 – Cybersecurity and the Office of the General Counsel

Chapter 7 – Cybersecurity Audit and Compliance Considerations

Chapter 8 – Cyber Supply Chain and Third-Party Risk Management

Chapter 9 – Technical Operations

Chapter 10 – Crisis Management

Chapter 11 – Cybersecurity Considerations During M&A Phases

Chapter 12 – Developing Relationships with the Cybersecurity Team

Chapter 1 - Cybersecurity is (Not) an IT ISSUE

summary

In short, cybersecurity needs to be understood and treated as a core business issue, much like legal and finance. No organization would make a significant business decision without consulting business and finance. In the 21st century very few business decisions ought to be made without considering their cybersecurity aspects.

There are many additional steps an organization needs to take to comprehensively address cyber risk which will be described in succeeding chapters.

Taking the right steps entails reconsidering corporate structure (as discussed in Chapter 3) and using modern cyber risk assessment tools that go beyond the traditional frameworks and checklists (as discussed in Chapter 4), as well as engaging personnel from across the enterprise in addressing a series of specific cyber issues (as discussed in Chapter 6).

Play
Play
Play
Play
Play
Previous
Next
Key Ideas
  • Organizations have made little progress in addressing cyber risk in large part because they have viewed the issue with an excessively narrow focus as just a technical/operational issue.

  • To compete in the modern economy, enterprises must engage in digital transformation.

  • Digital transformation can generate a substantial increase in growth and profitability, but can also vastly increase risk.

  • Foundational technical security measures are necessary, but alone are not sufficient to address cyber threats. Cybersecurity must be an enterprise-wide risk management issue.

  • Organizations cannot completely secure themselves, but they can manage their cyber risk with appropriate understanding, structure, investment and risk-management methods.

Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity

Read More

Join ISA

Terms & Conditions | Contact Us

CONTACT

| 703-907-7090

| admin@isalliance.org

| 2500 Wilson Blvd, #245
Arlington, Virginia 22201
USA

HELPFUL LINKS

Contact 
Calendar 
Board of Directors 
Media 
Team

ABOUT

ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.

SEARCH

Larry Clinton, President and CEO, Internet Security Alliance

Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS and G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.