ISA and German Government to Collaborate on Cyber Handbook for German Boards of Directors

November 3, 2017

(WASHINGTON, D.C.) – The Internet Security Alliance (ISA) and the Federal Office for Information Security (BSI), the German government entity charged with cyber policy, will collaborate on developing a German version of the Cyber-Risk Oversight Handbook for Corporate Directors, based on the model ISA developed with the National Association of Corporate Directors (NACD) in 2014 and updated in 2017.


The U.S. version of the Cyber-Risk Oversight Handbook was endorsed by both the U.S. Department of Homeland Security and the U.S. Department of Justice as well as many independent organizations. It is available free of charge on the DHS website as well as ISA’s and NACD’s.


In its 2016 Global Information Security Survey, PricewaterhouseCoopers found that use of the NACD Handbook led to a wide variety of enterprise cybersecurity improvements, including increased budgets, better alignment of cybersecurity with business goals, better risk management, and helping to create a culture of security within organizations.


ISA kicked of the process for developing the German edition of the Handbook with an event co-sponsored by the Cyber-Security Council of Germany last week at The National Press Club. The process will continue with two workshops in Europe next week that will generate input for adapting the U.S.-based handbook to the unique issues German companies face. An edition calibrated to unique UK concerns following Brexit is also being developed.


In addition to the workshops, the process will involve a multi-stakeholder comment period, leading to the production of German and UK editions of the Handbook, which will be featured at the first Global Cyber Summit for Corporate boards to be held in Geneva in April 2018. ISA and NACD, as well as the European organizations representing corporate boards, will co-sponsor the Geneva summit.


“Over the past few years, corporate boards have become painfully aware that they need to do more to address the cyber threat,” said ISA President Larry Clinton. “However, boards told us that most of the magic formulas and secret sauces are too IT centric. Our goal is to provide boards with a framework to analyze these proposed interventions from their unique risk perspective. We have been delighted with the response to the U.S. edition and are naturally delighted that both our German industry and government partners want to work with us to develop a similar open source product tailored to their unique culture and structure. That is what this process seeks to accomplish.”



About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook for the National Association of Corporate Directors. For more information about ISA, please visit or 703-907-7090.


About BSI Germany: As a national cyber security authority, the goal of the Federal Office for Information Security (BSI) is to promote IT security in Germany. The BSI is first and foremost the central IT security service provider for the federal government in Germany. However, we also offer our services to IT manufacturers as well as private and commercial users and providers of information technology because effective security is only possible when everyone involved contributes. For this reason, we want to work in even closer co-operation with all those working in the IT and Internet industry in the field of IT security.



| ISA and German Government to Collaborate on Cyber Handbook for German Boards of Directors