The Word of the Day isn’t Virus, it’s Agility

Posted on July 6, 2020 at 1:38 pm

In 1929 the vibrant US economy went through the greatest shock it had ever received when the stock market crashed. A frightened and bewildered Congress, flailing for answers, summoned the economic chieftains of the day to testify as to whether they had manipulated the crisis. The venerable JP Morgan was called to task before the […]


Q&A: NIST’s new ‘Enterprise Risk Management’ guidelines push cyber risks to board level

Posted on June 11, 2020 at 3:40 pm



ISA’s Larry Clinton criticizes Pentagon proposal for ‘intrusive’ access to contractor networks

Posted on May 27, 2020 at 2:52 pm

You know what’s worse than trying to share cybersecurity information? Writing about it. Everyone has read over and over again about how important information sharing is for cybersecurity. The idea is certainly not new. It’s definitely not cool. It’s also hard. No one has completely nailed it even after talking about it for decades. Why […]


ISA’s Larry Clinton: Current crisis offers chance to examine, address systemic risks to cybersecurity

Posted on April 28, 2020 at 9:26 am

The COVID-19 crisis reveals the inadequacy of the prevailing “operational” approach to cybersecurity and provides an opportunity for government and businesses alike to take cost-effective steps toward a cyber strategy rooted in risk management, says Larry Clinton, president of the Internet Security Alliance. That should include developing systems to track and prosecute cyber crime, establishing […]


Key industry group urges federal officials to quickly share risk-management best practices with businesses

Posted on April 27, 2020 at 1:36 pm

The massive shift to work-at-home amid the COVID-19 crisis is leading to insecure work-arounds that emphasize functionality over security, while managers in many businesses lack training suitable to the current risk environment, according to the Internet Security Alliance in comments filed with the Department of Homeland Security. “Due to the near-immediate switch to unplanned online […]


Pentagon and FCC, at different points on cyber regulation, underscore hybrid nature of U.S. government approach

Posted on April 23, 2020 at 3:11 pm

The Defense Department is leading efforts to set mandatory cybersecurity baselines for industry, while the Federal Communications Commission has been on a deregulatory path, but both are playing influential roles in shaping the U.S. government’s relationship with the private sector and overall approach to cybersecurity that have been on display in recent days. In one […]


Top Ten Reasons Why Cybersecurity Is Like Coronavirus

Posted on March 16, 2020 at 9:17 am

By Larry Clinton I’m not saying cybersecurity and the coronavirus are exactly the same. The defining characteristic of the cyber threat is that we have conscious and deliberate actors carefully crafting attacks. The coronavirus has no conscience, no plan. At the same time, notwithstanding differences, these domains are both attacks on our cultures, and when […]


These Are The Big Takeaways From This Year’s RSA Conference 2020

Posted on March 5, 2020 at 2:31 pm

Henry Ford once said, “Coming together is a beginning, staying together is progress and working together is success.” While each one of us is different—visionary or pragmatist, builder or fixer, disruptor or peacemaker, mentor or non-conformist, comic relief or observer—bringing all our individual traits together results in a stronger, more diverse whole. This was the […]


Internet Security Alliance updates ‘handbook’ for corporate boards on managing cyber risks

Posted on February 27, 2020 at 3:38 pm

The Internet Security Alliance has updated its “handbook” for corporate boards on managing cyber risks to reflect current threats and the latest “best practices.” “The effects of cyberattacks are expanding well beyond information loss or business disruption. They can have a severe impact on an organization’s reputation and brand through loss of consumer confidence,” said […]


Posted on February 26, 2020 at 9:01 am

In an era when data breaches can lead to corporate losses and ruin brand reputations, cybersecurity is no longer just an IT issue, it’s a board-level issue. The question of what corporate boards should be doing and how governments can help them was the topic of a session at the RSA Conference in San Francisco, […]