ISA Top 2018 Highlights
ISA appointed industry co-chair (DHS is government co-chair) of the Policy Leadership Working Group charged by DHS Asst. Secretary for Cyber Security Jeanette Manfra with articulating the details of a Collective Cybersecurity Defense Model the Trump Administration wants to promote for cybersecurity. Policy Leadership Working Group produces a joint government-industry white paper defining the Collective […]
We need a new approach to cyber risk assessment
“Garbage in, garbage out.” For years, cyber risk assessments have often revolved around checklists of standards and practices that IT professionals can use to check off what they’ve done, but that model is insufficient, producing results that are hindering cybersecurity. ISA President Larry Clinton, at the Command and Control conference on Friday, September 21, called […]
At DEFCON, DHS Gets it Right on Cyber – We Need to Rethink Incentives
When DHS Assistant Secretary for Cyber Security Jeanette Manfra addressed the hackers at the annual Las Vegas showcase for modern wizardry, she didn’t focus on standards and bots. She talked about how digitization changes everything and the need to look at cybersecurity through an economic lens. She got it exactly right. “For the first time […]
Happy New Year: We Need a New Approach to Cybersecurity
By Larry Clinton We all know we are losing the battle to secure cyber space – badly. Maybe our New Year’s resolution ought to be to recognize this fact and come up with a new approach to the problem. The old ones don’t seem to be working. Specifically, we should consider moving away […]
Is it Time to Sunset Cybersecurity Awareness Month?
Sunsetting Cyber Awareness Month.blog.1017October 2, 2017 By Larry Clinton Raise your hand if you know anyone who is unaware that we have a cybersecurity problem. In a field where we are often desperate for any sign of success, I think we can spike the football on the issue of cybersecurity awareness. Understanding the cybersecurity problem? […]
Enabling better Cybersecurity Information Sharing with Small and Medium-sized Partners
By Jeff Brown “Information sharing” is one of the most powerful tools organizations can use against cyber threats that can erupt without warning and cause disruption worldwide. Once an organization—any organization, whether public or private sector—spots the tell-tale patterns of a new attack, alerting other organizations of these warning signs can help halt the spread […]
Cybersecurity and the Resilient Mindset
By Cindy Fornelli If you spend some time around the issue of cybersecurity, it won’t be long before you encounter the notion of resilience. “Cyber resilience is a public good,” observed a 2017 white paper from the World Economic Forum. A 2013 Presidential Policy Directive declared that “it is the policy of the United States […]
Petya Provides Context for Briefing Council on Foreign Relations
It appears the dust was just settling from the global impact of the WannaCry ransomware attack when a new culprit Petya (or not Petya) struck. Among the disturbing characteristics of these attacks is their vast international impact. Desperate for a silver lining, this happens to be a great backdrop for my previously scheduled briefing digital […]
Maintaining Cybersecurity During Mergers & Acquisitions
Mergers and acquisitions are risky times. Headlines treat the combination of companies as job done after the announcement, but insiders know combining operations is no easy task. These days, add cyber risk to the list of prime considerations companies should weigh before, during, and after any M&A decision. Companies involved in transactions are often prime […]
Board Directors Need to Have Discussions on Which Risks to Avoid, Which Risks to Accept, and Which to Mitigate Through Insurance
Total cybersecurity is an unrealistic goal. Cybersecurity is a continuum requiring strategic decision-making about where and how to spend security dollars. Attempting to guard every system equally is a recipe for exhausting the budget on low-priority systems. And it’ll result in bad security, since the company’s crown jewels will lack the sophisticated protections they need. […]
