ISA as a Leader in Cyber Practice

National Association of Corporate Directors Peter Gleason announcing the release of the 4th edition of the NACD-ISA Cyber-Risk Oversight Handbook


The ISA Mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity.

“Guidelines from the NACD-ISA advise that Boards should view cyber risks from an enterprise-wide standpoint… Respondents said this deepening Board involvement has helped improve cyber security practices in numerous ways including a 24% boost in security spending. Other notable outcomes cited by survey respondents include identification of key risks, fostering an organizational culture of security and better alignment of cybersecurity with overall risk management and business goals.”

— PWC Global Information Security Survey

“The NACD-ISA Cyber Risk Oversight Handbook demonstrates that organizations that use the consensus principles can significantly improve their cyber resilience without raising costs and organizations that follow the principles are predicted to have 85% fewer incidents.”

— World Economic Forum-MIT joint study, 11/22

CISA Director Jen Easterly awarded ISA her personal “Challenge Coin” for excellence in promoting national cyber defense.

ISA pursues its mission through three major goals: thought leadership, policy advocacy, and developing effective best practices, particularly for corporate boards and senior management.

Over the past 15 years, ISA has become the world’s leading provider of cyber best practices for corporate boards.

The ISA Board of Directors and partners, including the National Association of Corporate Directors, the World Economic Foundation and a range of international board-level entities and governments (including DHS, the FBI, German BSI, and the OAS), have developed the only set of best practices in cybersecurity that has been independently assessed (by PWC, MIT and the World Economic Foundation) and proven to create tangible, positive security outcomes.

The academic literature has recognized the NACD-ISA Principles as the “de facto international standard for cyber risk oversight.” ISA has also published a full-length book, Cybersecurity for Business: Ensuring Cyber Risk is NOT Just an IT Issue, which translates the proven board-level principles into specific roles and responsibilities for senior management to implement.

In 2024, ISA and NACD created the first AI supplement to the Cyber Risk Handbooks, as well as a second edition of the Handbook for European Corporate Boards with the European Conference of Director Associations, and a separate German Handbook created in conjunction with the German Federation for Information Security (BSI).

The ISA board and NACD are currently working on the fifth edition of the U.S. Handbook in conjunction with DHS and the FBI.

ISA produced a companion book detailing the roles and responsibilities of senior managers alongside the Cyber Risk Handbooks (in both English and German).
ISA was named to the “Corporate 100 list of the most influential organizations in corporate governance” for the second time in 2017.
UK Edition: Managing Cyber Risk
Japanese Edition: Managing Cyber Risk
Portuguese Edition: Manual de Suporte sobre Risco Cibernético para o Conselho Administrativo
Spanish Edition: Manual de Supervisión de Riesgos Cibernéticos para Juntas Corporativas
Cyber Risk Oversight for Higher Education Boards Handbook
German Edition: Managing Cyber Risk First Edition