Regulation of Cybersecurity Has Been Tried and It Doesn’t Work

Posted on January 21, 2022 at 12:11 pm

By Larry Clinton The focus of the current series of posts is to suggest the need for new directions in cybersecurity policy.  Put succinctly, it’s not just that we need to do cybersecurity better – it’s that we need to do cybersecurity differently. Why? Because we are getting killed out there. Cybercriminals generate roughly $2 trillion […]

Playoffs Time: What Can Cyber Policymakers Learn from the NFL?

Posted on January 17, 2022 at 1:07 pm

This blog series began by asserting that in the new year, given the obvious ineffectiveness of our current cyber policies it’s time for policymakers to begin focusing on issues that might really matter in terms of creating a sustainably secure system.  We then moved forward to identify two major areas where government could really make a […]

New Year’s Cyber Resolution: Modernize Cyber Law Enforcement

Posted on January 14, 2022 at 11:48 am

By Larry Clinton In this series of posts, we have been arguing that now is a time to rethink our efforts to create a sustainably secure cyber ecosystem.  The core notion of this rethinking would be to, finally, begin focusing more on programmatic changes that will truly impact the security of cyberspace, as opposed to the […]

New Year’s Cyber Policy Resolution #1: Get Serious About Workforce Development

Posted on January 10, 2022 at 11:29 am

By Larry Clinton Last week, we discussed that we needed to make a New Year’s resolution to start talking about things that really matter for cybersecurity. One area that really matters if we’re serious about improving our cybersecurity is addressing the current workforce shortage. We can never create an adequately secure our cyber systems unless […]


Posted on January 3, 2022 at 11:51 am

By Larry Clinton, President and CEO, Internet Security Alliance I have to say I’m disappointed the language requiring more stringent timelines for reporting cyber events to the government didn’t make it into the National Defense Authorization Act (NDAA). I’m not disappointed because I have strong feelings one way or another about that provision – to […]

The Coronavirus Pandemic Has Created Novel Cybersecurity Challenges — But It May Also Give Us a Solution to the Cybersecurity Workforce Problem

Posted on May 7, 2020 at 11:26 am

By Josh Higgins, Senior Director of Policy and Communications The COVID-19 pandemic has created many new challenges for companies — such as managing a remote workforce, adopting new suppliers and cloud services, and a vastly expanded cyber-threat landscape — as the world works to maintain productivity through primarily virtual means. However, despite all these new […]

Coronavirus Creates New Insider Cyber Threat and How to Treat It

Posted on April 6, 2020 at 11:41 am

Instantaneous, Unplanned, Digital Transformation Creates Massive Cyber Risk By Larry Clinton Insiders are generally identified as the locus of about half of successful cyber-attacks. The 2020 edition of the Cyber-Risk Oversight Handbook published by the National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) last month (available free of charge here). identifies the […]

ISA Board of Directors Offers Cybersecurity Best Practices for COVID-19 Crisis

Posted on April 2, 2020 at 10:56 am

The outbreak of coronavirus globally has created a new reality vastly increasing how much business is done online: While this new virtual reality is essential to sustaining business during the pandemic, it is critical that corporate boards are also aware of the increased cybersecurity threat from this intensified, and often unplanned, utilization of technology. As […]

Top Ten Reasons Why Cybersecurity Is Like Coronavirus

Posted on March 16, 2020 at 4:47 pm

By Larry Clinton I’m not saying cybersecurity and the coronavirus are exactly the same. The defining characteristic of the cyber threat is that we have conscious and deliberate actor’s carefully crafting attacks. The coronavirus has no conscience, no plan. At the same time, notwithstanding differences, these domains are both attacks on our cultures, and when […]

Cyber Principle Two for Boards: Know Your Legal Obligations

Posted on March 11, 2020 at 10:48 am

This is the second in a series of blogs distilling the cybersecurity advice for boards of directors contained in the new Cyber-Risk Oversight 2020 Handbook published by the National Association of Corporate Directors and the Internet Security Alliance. By Larry Clinton In 2015, ISA, along with Georgia Tech, the New York Stock Exchange, and Palo […]