Internet Security Alliance, partners release consensus principles for boardroom cyber risk management

Posted on March 23, 2021 at 10:03 am

A trio of groups including the Internet Security Alliance has released a report offering “a cohesive, global, cross-border approach to cyber-risk governance” for corporate boards, with six principles that pull together consensus views developed by security and industry leaders in recent years. “Principles for Board Governance of Cyber Risk” was released today by ISA, the […]


Federal officials stress unprecedented levels of coordination as lawmakers continue probe of SolarWinds

Posted on March 18, 2021 at 10:12 am

Senators on the Homeland Security Committee took their turn probing the federal response to the SolarWinds hack at a hearing that featured CISA, OMB and FBI officials citing extensive interagency cooperation, while lawmakers pressed on the need for more high-level direction and for upgrading the government’s overall approach to cyber defense. “After the SolarWinds hack […]


Internet Security Alliance: CMMC fails to account for the economics of small-business cybersecurity

Posted on February 16, 2021 at 12:01 pm

The Pentagon’s Cybersecurity Maturity Model Certification program will fall short in securing the Defense Industrial Base because it fails to address underlying economic realities that limit how much small and mid-sized businesses can invest in cyber, according to the industry-based Internet Security Alliance. “However, it is sadly predictable that the CMMC, however much an improvement, […]


As holiday shopping season kicks in, cybersecurity group spotlights policy needs for securing retail sector

Posted on at 12:00 pm

Cyber vulnerabilities in the retail sector, always a hot topic during the holidays, require an examination of underlying economics and incentives that could drive improvements in retailers’ cybersecurity, according to an Internet Security Alliance assessment that tracks with the group’s prescription for shoring up cyber across critical infrastructure. “The retail sector is one of the […]


ISA’s Clinton cites need to go beyond NDAA in SolarWinds response; congressional researchers see ‘no easy fix’

Posted on at 11:58 am

Larry Clinton of the Internet Security Alliance says the massive SolarWinds hack highlights the need for a rethinking of cybersecurity policy that goes well beyond Cyberspace Solarium Commission recommendations folded into the national defense bill, while the Congressional Research Service has issued a paper saying “existing programs” were unlikely to have foiled the sophisticated infiltration […]


ISA’s Clinton presses case against ‘traditional regulatory models’ for securing cyberspace

Posted on at 11:54 am

Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]


U.S. officials characterize SolarWinds hack as ‘intelligence gathering’ operation, ‘likely Russian in origin

Posted on at 11:31 am

The U.S. homeland security and intelligence community in a statement today said the massive SolarWinds hack of federal and private-sector networks appears to be part of an intelligence gathering operation by a Russian “advanced persistent threat actor.” The U.S. government’s Cyber Unified Coordination Group, known as the UCG, “believes that, of the approximately 18,000 affected […]


Cyber agency demonstrates value to stakeholders amid SolarWinds, but insiders say the secret sauce must be preserved

Posted on at 11:30 am

The Cybersecurity and Infrastructure Agency has leaned into its role as industry’s risk advisor and partner in response to the SolarWinds hack, and industry sources say they are anxious to see this collaborative model preserved and extended under a Biden administration that might be inclined to more regulatory approaches to cybersecurity. Megan Brown, a partner […]


ISA’s Clinton presses case against ‘traditional regulatory models’ for securing cyberspace

Posted on at 11:29 am

Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]


CISA’s Kolasky unveils ‘Systemic Cyber Risk Reduction Venture’ for critical infrastructure

Posted on at 11:28 am

CISA’s National Risk Management Center is launching a multifaceted “risk reduction venture” to help organize efforts around analyzing, measuring and providing tools to address cybersecurity risks faced by critical infrastructure. “Using enterprise risk management best practices will be a focus for CISA in 2021, and today the National Risk Management Center (NRMC) is launching a […]