News Articles

A trio of groups including the Internet Security Alliance has released a report offering “a cohesive, global, cross-border approach to cyber-risk governance” for corporate boards, with six principles that pull together consensus views developed by security and industry leaders in recent years. “Principles for Board Governance of Cyber Risk” was released today by ISA, the […]

Senators on the Homeland Security Committee took their turn probing the federal response to the SolarWinds hack at a hearing that featured CISA, OMB and FBI officials citing extensive interagency cooperation, while lawmakers pressed on the need for more high-level direction and for upgrading the government’s overall approach to cyber defense. “After the SolarWinds hack […]

The Pentagon’s Cybersecurity Maturity Model Certification program will fall short in securing the Defense Industrial Base because it fails to address underlying economic realities that limit how much small and mid-sized businesses can invest in cyber, according to the industry-based Internet Security Alliance. “However, it is sadly predictable that the CMMC, however much an improvement, […]

Cyber vulnerabilities in the retail sector, always a hot topic during the holidays, require an examination of underlying economics and incentives that could drive improvements in retailers’ cybersecurity, according to an Internet Security Alliance assessment that tracks with the group’s prescription for shoring up cyber across critical infrastructure. “The retail sector is one of the […]

Larry Clinton of the Internet Security Alliance says the massive SolarWinds hack highlights the need for a rethinking of cybersecurity policy that goes well beyond Cyberspace Solarium Commission recommendations folded into the national defense bill, while the Congressional Research Service has issued a paper saying “existing programs” were unlikely to have foiled the sophisticated infiltration […]

Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]

The U.S. homeland security and intelligence community in a statement today said the massive SolarWinds hack of federal and private-sector networks appears to be part of an intelligence gathering operation by a Russian “advanced persistent threat actor.” The U.S. government’s Cyber Unified Coordination Group, known as the UCG, “believes that, of the approximately 18,000 affected […]

The Cybersecurity and Infrastructure Agency has leaned into its role as industry’s risk advisor and partner in response to the SolarWinds hack, and industry sources say they are anxious to see this collaborative model preserved and extended under a Biden administration that might be inclined to more regulatory approaches to cybersecurity. Megan Brown, a partner […]

Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]

CISA’s National Risk Management Center is launching a multifaceted “risk reduction venture” to help organize efforts around analyzing, measuring and providing tools to address cybersecurity risks faced by critical infrastructure. “Using enterprise risk management best practices will be a focus for CISA in 2021, and today the National Risk Management Center (NRMC) is launching a […]