Boards Need to Be Aware of Evolving Cyber-Legal Landscape

Posted on June 14, 2017 at 10:24 am

Boards of directors face several versions of risk from cyber breaches. Obviously, there is the risk of loss or manipulation of the data. There is also a risk of reputational loss. However, regardless of the actual data or reputational impacts, boards need to be concerned about legal risks that can occur unrelated to the other […]


HHS Points The Way Forward For Improved Cybersecurity

Posted on June 12, 2017 at 11:35 am

Last month President Trump issued an Executive Order on cybersecurity that called on all federal agencies to assess their status on information security and for the leadership to take steps required to mediate threats. Last week the Department of Health and Human Services (HHS) released its Healthcare Industry Cybersecurity Task Force report, which provides a […]


Cybersecurity Principle Number 1 for Boards – It’s Not Just About “IT”

Posted on June 2, 2017 at 12:07 pm

It has now become clear that cyber-risk needs oversight at the board of directors level. The problem is that most corporate boards are comprised of “digital immigrants” — people not born into the digital world they now inhabit — and therefore need to learn how to understand cyber-risk. That educational process has been undertaken by […]


Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

Posted on May 31, 2017 at 11:00 am

The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones – and most popular features – of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics. Many experts believe that for the CSF to properly […]


Reform the Defense Supply Chain to Face the Realities of Conflict in the Digital Age

Posted on March 7, 2017 at 11:04 am

For centuries, we’ve operated under the principle that nations are sovereign within their own borders, with traditional rules of war clearly stating that combatants need to be identifiable military targets. Acting on this principle, a functioning government has traditionally had to raise a force more powerful than any potential rival, either internally or externally, when […]


Why Isn’t There An Academy Awards Ceremony for Cybersecurity

Posted on February 27, 2017 at 11:20 am

Let me spare you the suspense, because we don’t deserve one. Most people who have become aware of cybersecurity in the past few years think we are talking about credit cards, passwords, and firewalls. Really? I give these rookies a pass. The real fault lies with those of us, including myself, who have been toiling […]


Seven Basic Cybersecurity Measures As Revealed By Wisdom Of The Crowd

Posted on February 21, 2017 at 4:52 pm

Individual experts offer good advice, but when many people agree on practical steps necessary for better cybersecurity, their consensus carries more weight, at least so long as cybersecurity lacks outcome-based, objective metrics. Accordingly, here are the most important things small and medium-sized organizations should do, according to a survey the Internet Security Alliance did of […]


Movement in the Right Direction on Cyber Security

Posted on January 30, 2017 at 11:24 am

While the bulk of mainstream news coverage on cyber issues has been focused on macro issues such as Russian involvement in our electoral process, there have been less noted initial signs of progress on the more traditional cyber concerns such as the protection of critical infrastructure, theft of intellectual property and securing of personal data. […]


Cybersecurity Takes its Place in the Boardroom

Posted on November 30, 2016 at 11:54 am

Those recognized by the National Association of Corporate Directors in its annual compilation of 100 most influential individuals and organizations have achievements in fields such as governance, transformation or oversight. Cybersecurity hasn’t typically figured among them – until recently. NACD is recognizing Internet Security Alliance CEO Larry Clinton for the second consecutive year in its […]


10 Cheap Tricks to Improve Our Cybersecurity: Part I

Posted on September 6, 2016 at 12:36 pm

On September 15, 2016, the Internet Security Alliance will publish a 400-page, 17-chapter book containing 106 recommendations for the incoming Administration and Congress. One of the recommendations is that, frankly, we need to invest more in cyber defense. We are chasing a $500 billion to $1 trillion a year issue with about […]