Starting in 2006, the ISA began its program on the Financial Management of Cyber Risk, which resulted in the first of its publications on this subject: “The Financial Impact of Cyber Risk – 50 Questions Every CFO Should Ask.” ISA’s and follow-up publication, “The Financial Management of Cyber Risk – An Implementation Framework for CFOs,” led the Federal Deposit Insurance Corporation (FDIC) to request ISA brief it on issues addressed in the document.
ISA has long been championing the need to alter enterprise risk management so that a more comprehensive approach to cybersecurity is utilized. In addition to the FDIC briefing, ISA has continued to evangelize this enterprise-wide, comprehensive approach to security and risk management through numerous presentations, including a role play exercise presented at the National Press Club, on Capitol Hill, and at conferences such as RSA.
Research has shown that recently the field is dramatically moving in the direction advocated by the ISA, including the development of enterprise-wide cybersecurity teams and the movement of cyber management away from simply the role of the CIO to a broader management position, such as the CFO, COO or CRO.
ISA has also extended this program by developing a more detailed model with respect to health care and launching a new program analyzing and benchmarking enterprise risk management in specific sectors, including the Aerospace and Defense, IT, and Financial Services sectors with specific reference to the effect of the SEC’s recent advisory on considering cyber security as a material risk. This program launched with the first of a series of workshops in D.C. Conferences in Silicon Valley and New York City are currently scheduled for fall and winter 2012.
For more information about the upcoming Financial Risk Management conferences in California and New York, please contact Josh Magri (firstname.lastname@example.org).