January 3, 2023

  1. Independent research conducted by MIT finds the consensus cybersecurity principles and practices laid out in the NACD-ISA Cyber Risk Oversight Handbooks “demonstrates that organizations that use the consensus principles can significantly improve their cyber resilience without raising costs” and organizations who “follow the principles are predicted to have 85% fewer incidents.” This confirms previous research by PWC.
  2. ISA board of directors completes the fourth edition of the Cyber Risk Oversight handbook in partnership with the National Association of Corporate Directors. The new edition includes a new “ESG Principle” developed by ISA and NACD with the World Economic Forum. The new Principle calls on boards and management to consider their cybersecurity strategy from a whole-ecosystem perspective, not just their own entity.
  3. The Director of the DHS Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, agrees to endorse the new edition of the Cyber Risk handbook and provide a personal Foreword for the book, and commits to heavily promote it through CISA.
  4. US Department of Justice’s FBI provides special “tool kits” for the new edition of the Cyber Risk Oversight Handbook focused on collaborating with industry to fight cybercrime with a special emphasis on ransomware.
  5. In partnership with the German Federal Office of Information Security (BSI), ISA produces the second edition of the German version of the Cyber Risk Oversight Handbook.
  6. ISA enters into partnership agreements with Prophesy Inc and Octopian to produce an Australian edition of the Cyber Risk Oversight handbook and an Arabic-language edition. Handbooks will now be available in 6 languages and on 5 continents.
  7. ISA is invited to the White House Summit on Workforce Development. ISA is asked to brief the conference on its proposal to create a National Cybersecurity Academy.  The Summit’s final report of all three subgroups embraces the Academy idea.
  8. Congress passes the National Defense Authorization Act (NDAA) for 2022. The NDAA contains the ISA-backed provision initiating the establishment of a national virtual cybersecurity academy. The academy provision was added to the NDAA through bipartisan amendments offered by Senator Kirsten Gillibrand (D-NY) in the Senate and Congresswoman Houlihan (D-PA), Congressman Garbarino (R-NY), and Congressman Gallagher (R-WI) in the House. Mr. Garbarino is expected to take the Chair of the House Cybersecurity Subcommittee and has shown interest in expanding the academy model.
  9. The Securities and Exchange Commission issues a Notice of Proposed Rule Making (NPRM) on cybersecurity. The SEC cites the NACD-ISA Cyber Risk Handbook 7 times in its proposal. ISA submits detailed comments to the SEC on its NPRM suggesting alternate approaches the Commission should take to enhance corporate cyber risk management.
  10. Nine-person SEC rule-making staff provides the ISA board of directors a 90-minute private meeting to discuss the SEC’s NPRM on cybersecurity and recommend changes.
  11. CISA reaches out to ISA requesting ISA collaborate in developing a new “corporate responsibility” program. CISA informs ISA the program will be largely based on the Principles and tool-kits in the NACD-ISA Cyber Risk Oversight Handbook.
  12. White House Director for Cybersecurity and Budget in the National Director’s Office, Rob Knake, is guest of honor at the ISA board’s annual Salon Dinner.  Mr. Knake notes for the board that he has read the manuscript for ISA’s upcoming book Fixing American Cybersecurity, which becomes the focus of the 90-minute private meeting with the ISA board over dinner.
  13. ISA and partner 1631 Digital win three national Reed Awards from Campaigns and Elections for ISA’s social media campaign “Re-Thinking Cybersecurity.” ISA’s campaign is based on the manuscript for Fixing American Cybersecurity (which was delayed by publisher Georgetown University Press). The campaign results in policy leaders, including the Chair of both the House and Senate Homeland Security Committees, the Chair of the House Cybersecurity Subcommittee, and the Director of CISA, adopting the phrase in their public comments and testimony and helping to promote ISA policies (e.g., Cyber Academy). ISA will conduct a similar social media campaign in 2023 entitled “Fixing American Cybersecurity.”
  14. Georgetown University Press agrees to publication of ISA’s public policy book Fixing American Cybersecurity: Creating a Strategic Public Private Partnership in 2023. A dozen members of the ISA board participated in writing this book.
  15. The Chief of Staff for CISA, Kiersten Todt, provides the Foreword for Fixing American Cybersecurity, and numerous cybersecurity policy experts agree to endorse the book, including Former Presidential Cybersecurity Advisor Michael Daniel, Former US Federal CISO Brigadier General (ret) Gregory Touhill, Former DHS Asst. Sec for Cybersecurity Rear Admiral (Ret.) Mike Brown, former NACD President Erin Essenmacher, NSA Advisory Board Member Dr. Edward Amoroso, and former DHS Director for the National Risk Management Center Bob Kolasky.
  16. In preparation for the incoming Congress, ISA has created cybersecurity-specific profiles of more than 280 Senators and Members of Congress who sit on 11 Committees with cybersecurity jurisdiction. ISA has also mapped interests of these Members/Senators to the policy positions the ISA board has articulated in Fixing American Cybersecurity and created additional advocacy materials to be used in approaching these Members/Senators.
  17. Kogan Press International publishes ISA’s cyber enterprise risk management book Cybersecurity for Business. A dozen members of the ISA board participated in writing this book. Cybersecurity for Business opens as the number 1 new release on Amazon.  Cybersecurity for Business maintains this number one standing on Amazon for 8 consecutive weeks.
  18. Numerous cybersecurity experts agree to endorse Cybersecurity for Business, including Prof. Corey Hirsch, Prof. Scott Shackelford, Dr. Andrea Bonime-Blanc, AGB President Henry Stoever, Prof. Murray Dalziel, Gen (ret.) Keith Alexander, Kevin Mandia, Lt. Gen. USAF (Ret) Harry Raduege, World Economic Forum Cybersecurity Director Daniel Dobrygowski, Former DHS Cybersecurity Asst. Secretary Mark Weatherford, and Former SEC Cybersecurity Advisor Chris Hetner.
  19. Several highly respected colleges and universities adopt Cybersecurity for Business for courses in cyber risk management, including Wharton, Columbia, NYU, University of Maryland, Indiana University, and MIT.
  20. The Wharton School awards ISA for its continued service to their Stonier Graduate Executive Education Program at the University of Pennsylvania for teaching their cyber risk management course each year.
  21. In cooperation with Mastercard, Kogan Page agrees to publish a Mastercard branded version of Cybersecurity for Business.
  22. In partnership with SAP, Kogan Page agrees to publish a German-language edition of Cybersecurity for Business.
  23. Kogan Page agrees to produce an Australian edition of Cybersecurity for Business.
  24. In cooperation with Octopian, Kogan Page agrees to publish an Arabic language edition of Cybersecurity for Business.
  25. ISA welcomes Mastercard, Baker Hughes, and RiskLens as new ISA sponsors.