MAN BITES DOG: State Regulators Want Cyber Reg Reform

Posted on June 26, 2019 at 1:31 pm

Yesterday Congressman Cedric Richmond, Chair of the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Innovation, announced, in the wake of the recent ransomware attacks on local jurisdictions like Atlanta and Baltimore, that he is going to propose a series of legislative efforts to assist the municipalities because “we can’t expect under-resourced, understaffed, state and […]


Brush with Greatness: A Chat with a Man Who May Be the Tipping Point Toward Effective Cybersecurity

Posted on June 21, 2019 at 10:47 am

by Larry Clinton

The greatest cyber risk an organization can have is doing a faulty cyber-risk assessment. This is one of the key insights from Doug Hubbard’s paradigm-shifting book “How to Measure Anything in Cybersecurity Risk”. While in Chicago this week to do a series of Master Classes on the Economics of Cyber Risk for […]


Corporate Directors Take the Next Step on Cybersecurity: Where’s Congress?

Posted on June 18, 2019 at 11:27 am

by Larry Clinton

In Chicago this week the National Association of Corporate Directors (NACD) will host the first in a series of nationwide events on the economics of cybersecurity. The courses start with a brief discussion of the now well-known existence of cyber-attacks on enterprises. However, they quickly move beyond the problem and instruct board […]


We Need Sensible Cybersecurity Regulations – More Is Not Necessarily Better

Posted on June 12, 2019 at 11:08 am

by Larry Clinton

When the ISA published the Cybersecurity Social Contract three years ago, one of the facts we documented was that some in critical industries were being forced to divert between 30% and 40% of their scarce cybersecurity resources to largely redundant regulatory compliance. This fact highlights the twin maladies of undermining efforts to strengthen cybersecurity without improving either […]


Experts from GE and FIS Help Students Deal with the Inevitable: Cyber Attacks

Posted on June 6, 2019 at 11:00 am

Once upon a time, industry experts would caution students and conference attendees that with cyber-attacks, it was not a question of if, but when. That adage has now matured into a more modern version: There are only two types of companies — those who know they have been successfully compromised, and those that don’t know […]


Cyber Experts Will Help Wharton Students Address the “Most Vexing Challenge”

Posted on June 5, 2019 at 10:56 am

The insider threat has become one of the biggest threats in the realm of cybersecurity. Despite the amount of risk posed by insiders, corporate executives often lack the awareness of the threat to adequately address it. That is why the Internet Security Alliance’s upcoming course on cybersecurity at the ABA Stonier Graduate Program at the […]


The EU Privacy Law is Not Working, But Why?

Posted on May 30, 2019 at 10:06 am

by Larry Clinton

In 2016 the European Union enacted arguably the most stringent privacy law in the western world. Following a two-year transition, the law went into full effect last May. Although advocates had suggested the stringent penalties in the General Data Protection Regulation (GDPR) would deter individual privacy invasions and reduce market domination from […]


European corporate boards agree to create European adaptation of Cyber-Risk Oversight Handbook

Posted on May 28, 2019 at 11:26 am

by Larry Clinton

This week the board of directors of the European Confederation of Directors Associations (ecoDa) agreed to work with the Internet Security Alliance (ISA) on a European adaptation of the Cyber-Risk Oversight Handbook originally published by the National Association of Corporate Directors in the U.S. This agreement indicates further progress that corporate boards […]


Washington Can Help States Face Cybersecurity Threats by Harmonizing Regulations

Posted on May 15, 2019 at 12:52 pm

by Dan Lips

The National Governors Association is meeting in Louisiana this week for its biannual cybersecurity summit. An important topic of consideration is how Washington can help state governments by harmonizing regulations. Doing so would let states focus their attention on confronting worsening cybersecurity threats, rather than answering federal auditors. “On any given day, the […]


Congress Needs Training in Cybersecurity — The Right Kind of Training

Posted on May 14, 2019 at 10:17 am

by Larry Clinton

Kudos to Representatives Kathleen Rice (D) and John Katko (R) for their bipartisan legislation requiring Members of Congress to receive training in cybersecurity. Give congressional representatives an IT tool and they can secure the nation for a day — maybe. Teach Congress how to truly understand and manage cyber risk and we […]