ISA Announces Second Asian Handbook for Boards and Cyber

November 22, 2019

Larry Clinton
President and CEO, Internet Security Alliance
(202) 236-0001

Delhi, India – In back-to-back presentations to the Indian National Cybersecurity Summit and the international Conference on Cyberlaw, Cybercrime and Cybersecurity today, Internet Security Alliance (ISA) President Larry Clinton announced the launch of a collaboration between several Indian-based trade groups and their a partners in the Indian government to create a Cyber-Risk Handbook for Indian corporate boards of directors on how to address cyber threats.

Following the announcements, ISA conducted initial workshops to begin development of the Indian handbook in conjunction with the Association of Indian Communication and Multimedia and Infrastructure (CMAI) and the Indian National Roundtable on Cyber Risks for Corporates. (NRCRC). Over 100 representatives representing Indian boards, ITC professionals, and government participated in the workshops.

The handbook will be based on the model initially developed by ISA in partnership with the National Association of Corporate Directors (NACD) in the U.S., which is currently in preparation for its third edition to be published in Q1 2020. This will be the second version of the handbook designed for the Asian market. ISA and the Japanese Business Federation released a Japanese edition earlier this fall.

ISA in partnership with trade associations representing members of corporate boards as well as national governments have now or are in process to produce adapted handbooks addressing cyber risk from the unique board level on four continents. In addition to the U.S. and Japanese/Indian editions, the Organization of American States and ISA released an edition targeted to Latin America in October. In 2018, ISA and the Cyber Security Council of Germany produced a German edition in partnership with the German Federal Office of Information Security (BSI), and a UK edition was also produced. A pan-European edition is currently under development by ISA in partnership with the European Confederation of Directors Associations (ecoDa), which is also expected in Q1 2020.

“While all the handbooks are uniquely adapted to the unique regions they serve based on numerous in-region workshops and webinars, they all embrace eye same five core principles that Pricewaterhouse Coopers, in their Global Information Security Survey, documented have led to increased board involvement in cybersecurity and have also resulted in significant improvements on several levels of cyber risk management,” said ISA’s Clinton.

The five core principles embraced in all the programs are: 1) Boards must recognize that cyber security is not just an “IT” issue – it’s an enterprise-wide risk management issue. 2) Boards need to understand their unique legal obligations for cybersecurity. 3) Boards must gain access to adequate cybersecurity expertise. 4) Boards must demand management to provide them with a corporate cybersecurity framework covering both technical aspects as well as enterprise management aspects of cybersecurity. And 5) Boards must demand management to provide them with a modern cyber-risk assessment ideally using modern tools to empirically, and economically identify which risks are going to be rejected, accepted, mitigated or transferred consistent with the organization’s empirical, economic risk appetite.

About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook with the National Association of Corporate Directors. For more information about ISA, please visit or 703-907-7090.