Comments on NIST Cybersecurity Framework 1.1 (Draft 2)

Posted on January 19, 2018 at 12:04 pm

January 19, 2018 Andrea Arbeleaz National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, M.D. 20899   RE: Cybersecurity Framework Versions 1.1 Draft 2   Dear Ms. Arbeleaz, Thank you for the opportunity to provide commentary from the Internet Security Alliance on the second proposed version 1.1 update to the Framework for […]

Congressional memo on President Trump Cybersecurity Executive Order 13800

Posted on May 11, 2017 at 11:40 am

The Internet Security Alliance (ISA) supports President Trump’s new executive order on cybersecurity, and looks forward to assisting in its implementation. The Senate Committee on Commerce, Science, and Transportation, with its jurisdiction covering interstate commerce, has broad authority over key elements of the Order. ISA suggests the Committee consider some of the following recommendations as […]

Internet Security Alliance (ISA) and the FAIR Institute Joint Comments on the National Institute of Standards and Technology Cybersecurity Framework Proposed Version 1.1 Update

Posted on April 10, 2017 at 1:42 pm

The Internet Security Alliance (ISA) is a multi-sector trade association representing mainly the chief information security officers of Fortune 100 companies. ISA has a long-standing interest in seeing that the Framework achieves its objectives of better private-sector cybersecurity. ISA’s Cybersecurity Social Contract, published in 2009, first called for the collaborative industry-government development of standards and […]

Internet Security Alliance (ISA) Comments to the American Institute of CPA’s (AICPA) on the Creation of a Risk Management Methodology

Posted on December 5, 2016 at 1:42 pm

The Internet Security Alliance congratulates the American Institute of CPAs’ for their effort to create a consistent assessment methodology for a company’s cybersecurity risk management processes. ISA represents some of the largest companies in the world. These companies are the intended buyers and audience for the AICPA’s proposed cybersecurity attestation engagement. Our members are invested […]

Internet Security Alliance (ISA) Joint Comments with American Gas Association (AGA), Utilities Telecom Council (UTC), Edison Electric Institute (EEI), Association of American Railroads (AAR), and CompTIA to the National Institute of Standards and Technology on “Framework for Improving Critical Infrastructure Cybersecurity”

Posted on February 19, 2016 at 1:42 pm

We want to thank NIST both for the opportunity to respond to the Request for Information and the ongoing excellent work that NIST provides in working with the private sector to improve the nation’s cyber security. The initial NIST Framework for cyber security has not only proven to be a useful tool in enhancing the […]

Internet Security Alliance (ISA) Comments to Department of Homeland Security on the Initiative to Identify Best Practices for Information Sharing and Analysis Organizations (ISAO)

Posted on April 18, 2015 at 1:29 pm

The March 4, 2015 Federal Register Notice announcing the March 18th ISAO/ISAC Summit indicated that there was an open comment period through April 19th. The Internet Security Alliance (ISA) appreciates the opportunity to offer our comments as our preliminary input and initial contributions to the ISAO discussion in addition to the statement for the public […]

Internet Security Alliance (ISA) Comments to the Commission on Enhancing National Cybersecurity

Posted on October 10, 2014 at 1:42 pm

Topics Addressed This section of our comments addresses issues faced by eight critical infrastructure sectors. The authors of these comments are mostly chief information security officers for large companies within those sectors. Namely (and in order): Defense Industrial Base; Healthcare; Financial Services; Energy (specifically, local utilities); Information Technology; Telecommunications; Manufacturing; and, Food and Agriculture. Readers […]

Internet Security Alliance (ISA) Comments to the National Institute of Standards and Technology on “Developing a Framework to Improve Critical Infrastructure Cybersecurity”

Posted on April 8, 2013 at 1:42 pm

Current Risk Management Practices: NIST solicits information about how organizations assess risk; how cybersecurity factors into that risk assessment; the current usage of existing cybersecurity frameworks, standards, and guidelines; and other management practices related to cybersecurity. In addition, NIST is interested in understanding whether particular frameworks, standards, guidelines, and/or best practices are mandated by legal […]