September 4, 2019

Internet Security Alliance (ISA) Highlights August 2019

  • ISA RESPONDS TO DHS REQUEST FOR DETAILED PROPOSAL TO STUDY SYSTEMIC CYBER RISK. ISA fulfilled the request from the DHS Cybersecurity and Infrastructure Security Agency (CISA) to provide a detailed proposal for a joint project to study systemic cyber risks and potential pathways to strengthen the cyber eco system.  The project was born at the ISA fall 2018 board meeting with a conversation with CISA Cyber Director Chris Krebs and has matured over a series of meetings in the intervening months.  The proposal ISA submitted in August is anticipated to be the final step in the proposal process.  The ISA proposal calls for ISA to access historic data AIG has collected and analyzed and reframe the analysis in terms of overall cyber risk, as opposed to the traditional insurance focus. The analysis will be framed following the ISA’s Social Contract Theory of cyber security and utilize cutting edge economic analytic modeling (X-Analytics) provided by SSIC to clarify key issues.  The full ISA board will be used as the proxy for multiple sectors and review the findings in conjunction with ongoing consultation with DHS. If the project is approved (and DHS has demonstrated substantial enthusiasm for the proposal) it will generate the broadest and most sophisticated study of systemic cyber risk ever undertaken.
  • ISA AND NACD ASKED TO MAKE FEATURED JOINT PRESENTATION AT DHS CYBER SUMMIT ON EFFECTIVE CORPORATE BOARD PRACTICES ON CYBER SECURITY. The President of the National Association of Corporate Directors, Peter Gleason, and ISA President Larry Clinton have accepted an invitation from DHS to conduct a program Friday, September 20 at 10 AM. The program will be part of the second annual DHS Cyber Summit to be held at National Harbor in Maryland. The program will feature Mr. Gleason discussing the differences between board and management responsibilities in cyber security and the creative programs NACD has launched to better educate corporate boards on their responsibilities in cyber security.  Mr. Clinton will focus on the collaborative work ISA does with NACD, and other similar organizations around the world, and specifically discuss the updating of the Cyber Risk Handbook for Corporate Boards which ISA historically produces for NACD and which is currently in its third updating.
    NATIONAL RISK MANAGEMENT CENTER PROGRAM ON CYBER SECURITY FEATURES ISA. ISA was the only trade association invited to participate in the Cyber Risk Enterprise Risk Management Roundtable sponsored by the DHS National Risk Management Center in New York. The invitation was also extended to ISA members.  SSIC and AIG accepted these invitations and attended.  The purpose of the event was to begin a process wherein DHS will become more strategic in its approach to cyber security.  ISA was the first participant called on following Risk Management Director Bob Kolasky’s introduction.  ISA outlined the success we have had with NACD noting that the Enterprise wide approach is the very first Principle in the NACD handbook, pointing out that NACD reports the handbook is by far their most popular publication and that PWC has independently assessed the handbook and found its use resulted in greater cyber budgets, better risk management, closer alignment of cyber with overall organizational goals and helped to create a culture of security in the organizations that use it.
  • ISA SIGNS MEMORANDUM OF UNDERSTANDING WITH JAPANESE BUSINESS ASSOCIATIONS. ISA has previously developed Cyber Risk Handbooks for corporate directors in the US, Europe and Latin America. In August ISA agreed to create the first Asian based version of the handbook in conjunction with the Japanese Business Federation (the equivalent to the US Chamber of Commerce). ISA will meet with a delegation from Japan in DC in September and discuss details and logistics for the new handbook. ISA has agreed to provide the substantive analysis for the Japanese edition and the Japanese Business Federation will be responsible for translation and distribution in Japan. The expectation is that the book will be available in Japanese by the first quarter of 2020.
  • ISA TEACHES MASTER CLASS IN CYBER SECURITY FOR NACD. In the continuation of an ongoing cooperative program with the NACD, ISA taught another section of its Master Class in the economics of cyber security, this one in Laguna Beach CA. ISA has previously taught the course in DC, and Chicago and is scheduled to teach additional sections in South Carolina and Texas.
  • LARRY CLINTON KEYNOTES AT THE NATIONAL ASSOCIATION OF STATE CREDIT UNIONS ANNUAL MEETING.  Building on the training program ISA conducted last year for the FED Bank ISA was asked to extend that program for the Credit Unions at their national Convention in San Francisco.