ISA Highlights for February 2020
- ISA ADDRESSES G-20 CYBERSECURITY DIALOGUE IN RIYADH, SAUDI ARABIA. The G-20 Summit of the world’s top economies is chaired this year by Saudi Arabia and will be held in Riyadh this fall. The G-20 Digital Economics Committee held a one-day Cybersecurity Dialogue on February 3, and ISA was one of 15 entities (3 American) that were asked to make a presentation as part of the Dialogue.
- ISA/NACD/DHS/DOJ RELEASE CYBER RISK HANDBOOKS FOR CORPORATE BOARDS. The Internet Security Alliance and the National Association of Corporate Directors (NACD) released the third, and co-branded, edition of Cyber-Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards. The new edition, like the previous two, is the only private sector publication endorsed by both the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the US Department of Justice. The NACD-ISA Handbook is also the only set of best principles to have been independently assessed (by PWC) and found to generate increased cybersecurity budgets, improve cyber risk management, create a closer association between cyber risk and business goals, and help to create a culture of security in organizations that use it. The publication outlines five key principles for improved cyber risk oversight and provides 13 “tool-kits” to address key cybersecurity issues such as insider threats, supply chain, incident response, developing strategic metrics, personal board member security, and other issues.
- ISA/DHS/NACD/BSI PRESENT ON INTERNATIONAL GOVERNMENT AND INDUSTRY COLLABORATION AT RSA CONFERENCE IN SAN FRANCISCO. The new NACD-ISA publication is part of an international series of similar publications which now span 4 continents and are translated into five languages. A key element of this program has been the collaboration with industry organizations and government entities. Paralleling the ISA/NACD/DHS collaboration in the US is a government and industry collaboration in Germany among ISA, the German Federal Information Security Agency (BSI), and the Cyber Security Council of Germany, which produced an adapted version of the US handbook. Additional efforts have been undertaken in Latin America with the Organization of American States and are underway in Japan and India. The RSA panel examined how these relationships developed and worked.
- ISA/DHS LEAD RSA SESSION ON DIFFERENT APPROACHES THE PRIVATE SECTOR AND GOVERNMENT TAKE IN CYBER RISK ASSESSMENT AND HOW TO FILL THE RESULTANT GAPS. ISA and CISA led a special “Birds of a Feather” session at the RSA conference examining the differences between public and private sectors’ risk assessments. The National Infrastructure Protection Plan (NIPP) identifies this problem by noting that the private sector makes cyber risk assessments based on commercial criteria (maximizing shareholder value), whereas the public sector has multiple non-economic issues it needs to consider, e.g. national security, maintaining government services, assuring election security, etc. This RSA session was designed to analyze the gaps this creates and discuss potential ways to fill them.
- ISA PRESENTS AT FIRST GLOBAL CYBERSECURITY SUMMIT HELD IN RIYADH. In addition to the G-20 Cybersecurity Dialogue, ISA was also asked to make an extended presentation at Saudi Arabia’s first-ever Global Summit on cybersecurity. The Summit attracted over 1000 participants from 30 countries. ISA’s presentation focused on the growing need to develop a new paradigm for cybersecurity that appreciates cyber’s economic aspects as well as the technical issues that traditionally dominate cybersecurity discussions.