The Internet Security Alliance has announced plans to develop a “handbook” on managing cybersecurity risks for European corporate boards of directors, building on similar efforts across the Atlantic.
“This week the board of directors of the European Confederation of Directors Associations (ecoDa) agreed to work with the Internet Security Alliance (ISA) on a European adaptation of the Cyber-Risk Oversight Handbook originally published by the National Association of Corporate Directors in the U.S.,” according to a blog post written by ISA President Larry Clinton on Tuesday.
The industry-backed ISA has been a strong advocate for the National Institute of Standards and Technology’s voluntary framework of cybersecurity standards and for non-regulatory approaches to managing cyber risks. This week’s announcement expands the international reach of the NIST framework and of ISA efforts to offer corporate leaders guidance on countering cyber threats.
“This means that corporate directors associations on three continents — North America, South America and now Europe — are coordinating on a common set of principles and adapted tool kits to address cybersecurity,” writes Clinton.
“Although government agencies on three continents are expressing support for these efforts, it’s noteworthy the directors associations are taking on these initiatives independent of regulatory mandates. Indeed, the focus of the directors’ efforts is to adopt methods and practices that have been independently shown to be effective,” writes Clinton, citing a survey by auditing firm PricewaterhouseCoopers that shows improved security, “not compliance.”
According to Clinton: “The first Principle articulated in each of these programs is that cybersecurity is NOT an ‘IT’ issue, but rather an enterprise-wide risk-management issue. This principle is an essential, and in many spaces (including some government spaces) still novel, insight that is critical for organizations to embrace in order to comprehensively address cyber threats.”