Internet Security Alliance (ISA) Highlights July 2019

August 7, 2019

Internet Security Alliance (ISA) Highlights July 2019

  • DHS CYBER SECURITY INFRASTRUCTURE SECURITY AGENCY (CISA) – requests ISA submit a detailed proposal to conduct a 2-year study on systemic cyber risk. This is the third, and presumably final, stage in the funding process which, if approved would take ISA to conduct the broadest and most sophisticated study on systemic risk available. The project is to be led by AIG and SSIC, however the full ISA board will play a critical role if approved.
  • NATIONAL ASSOCIATION OF CORPORATE DIRECTORS (NACD) initiates discussions with ISA on developing a comprehensive , international certification program for Directors. Cybersecurity would be woven into the new certification program and be based on the model defined in the Handbook ISA produces for NACD — particularly the international adaptations ISA has made for various non-US Directors organizations.
  • ISA SIGNS MEMO OF UNDERSTANDING (MOU) with the European Conference of Directors Associations (ecoDa) to produce a version of the Cyber Risk Handbook for the broad European continent. Release is expected in Q4 of 2019 or Q 1 of 2020.
  • BUNGE AND FIS COMPLETE PORTUGUESE TRANSLATION of Cyber Risk Handbook to be sponsored by the Organization of American States. This is the 4th language the Cyber Risk Handbook has been translated (English, German, Spanish and Portuguese).
  • ISA INITIATES DISCUSSIONS with the Japanese Federation of Businesses and the Indian trade associations CAMI and TEMA to produce the first Asian versions of the Cyber Risk Handbook.
  • ISA WEBINAR FOR GLOBAL LEADING VOICES – ISA made a presentation to an international audience on Advanced Cybersecurity Risk Management: How to successfully address your Cyber-threats?
  • ISA BOARD QUARTERLY MEETING- ISA holds summer board conference call. Agenda topics included: DHS proposal to study Systemic Cyber Risk; updating the NACD Cyber Risk Handbook; ISA presentations at NACD meetings, including the NACD Annual Summit, ISA international outreach, including partnerships with European Confederation of Directors Associations (ecoDa); Japanese Business Federation (Keidanren) and Association of India Multimedia and Infrastructure (CMAI) in the production of a cyber risk handbook for boards; ISA Congressional outreach campaign focusing on ISA’s public policy initiatives; social media communications campaign; and a look towards ISA’s next three year plan for the years 2021-2023 were all discussed during the meeting.
  • ISA PUBLISHED THE FOLLOWING POLICY REPORTS:
    o DHS distributes supply chain ‘criticality’ assessment to key industry stakeholders
    o The Government Accountability Office Seeks Industry Input on the NIST Framework
    o DHS Hosts “Secure Tomorrow” Workshop to Consider Long-Term Strategic Risk Management
  • ISA PUBLISHED THE FOLLOWING BLOGS:
    o Regulators: Don’t Make the Same Cyber Mistakes Over Again
    o Accountability in Cybersecurity is a Two-Way Street
    o Capital One Breach Highlights the Danger of Insider Threats
    o Mandatory Cybersecurity Training for Congress: What Kind of Training?