May 26, 2017

(WASHINGTON, D.C.) – The second annual cybersecurity summit specifically targeted to individuals who sit on corporate boards will be hosted by the National Association of Corporate Directors and the Internet Security Alliance on June 20 and 21 at the JW Marriott in Chicago.

The conference will build on the Cyber Risk Handbook for Corporate Boards that NACD and ISA released earlier this year. That document is the only private sector publication that has been officially endorsed by both the US Department of Homeland Security and the Department of Justice.

PricewaterhouseCoopers has assessed the effectiveness of the Handbook in its Global Information Survey and found that its use had led to significant increases in cybersecurity budgets (averaging 24%), better risk management, alignment of cybersecurity with overall organizational roles, and the creation of a culture of cybersecurity.

“Boards have gotten the message that cybersecurity is important, but they tell us they are being bombarded by all manner of cyber experts with their own magic formula for solving the cyber problem. What we are trying to do is give the boards a coherent strategy they can use to assess this issue at the unique board level,” said ISA President Larry Clinton.

“What makes this Handbook and this associated conference different is that we don’t focus on cybersecurity from an ‘IT’ perspective. Instead, we contextualize cyber in the areas in which boards are familiar. So, we discuss what are the cybersecurity issues a board faces when they do a merger, launch an innovative product or establish a new strategic partnership. By translating cybersecurity into a language boards are familiar with we can have much greater effectiveness in convincing them to be more proactive with their cyber risk management,” Clinton said.

Ten members of the ISA Board of Directors, representing a wide range of industry perspectives, will be featured at the Chicago Cyber Summit for Corporate Boards. These will include ISA President Larry Clinton, who prepared the Handbook, as well as Gary McAlum, CSO of USAA, and Ed Hammersla, CEO of Utilidata, who will speak on the intersection of regulation and cybersecurity. Nasrin Rezai, Chief Information and Product Security Officer at GE, will speak on creating an enterprise-wide approach to cybersecurity. Doug Thomas, Director for Counterintelligence for Lockheed Martin, and Bob Zandoli, CISO for Bunge Ltd., will address insider threats. JR Williamson, CISO for Northrop Grumman, will discuss how to do an economic analysis of likely attackers, and Andrew Cotton, a Partner at EY, will focus on cyber risk in the context of mergers and acquisitions. In addition, Cindy Fornelli, CEO for the Center for Audit Quality, will open the conference with a “fireside chat” with former Bush and Obama cyber advisor Melissa Hathaway, who is now President of Hathaway Global Security.

Non-ISA affiliated speakers include Bret Arsenault, VP and CISO for Microsoft; Robert Clyde, a Director at TZ Holdings and ISACA; Kevin Richards, the Global Security Strategy lead for Accenture; and Jeremiah Dewey, Director of Incident Response at Rapid7, who will lead a role-play exercise of a breach to conclude the conference. Former Asst. Attorney General John Carlin will be the luncheon keynote speaker.

About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook for the National Association of Corporate Directors. For more information about ISA, please visit or 703-907-7090.