ISA, NACD, and DHS Will Discuss Cybersecurity “From the Top Down”

September 19, 2019

Larry Clinton
President and CEO, Internet Security Alliance
(202) 236-0001

The President of the National Association of Corporate Directors (NACD), Peter Gleason, the President of the Internet Security Alliance (ISA), Larry Clinton, and the Assistant Director of the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA), Daniel Kroese, will join forces to discuss effective cybersecurity from the board of directors’ level in a featured program at CISA’s second-annual Cybersecurity Summit on Friday at 10 a.m.

NACD’s Gleason noted that his organization, and partner organizations of directors globally, were focused on improving effective cybersecurity “from the top down,” in announcing the continuation of the NACD and ISA’s collaborative efforts on cybersecurity earlier this week.

“While there has been a great deal of attention on cybersecurity from a bottom-up perspective — focusing on technical operational issues — it is just as important to address senior policymakers at the board level. It is the boards who set the overall strategy including the risk appetite and budget allocations for cyber defense of privately-owned critical infrastructure. In order to engage the board members, we need to elevate the conversation on cybersecurity and embed cyber issues in terms boards are comfortable with,” said ISA’s Clinton.

“Boards of directors don’t spend a lot of time talking about NIST Frameworks and ISO technical standards,” Clinton noted. “They talk about mergers and acquisitions, PE ratios, and innovation. What we have done in collaboration with NACD and DHS is locate cybersecurity in these terms.  What are the cybersecurity implications of a merger or acquisition? What are the cybersecurity issues of developing a new product and thus a new supply chain?  By placing cyber issues in these terms and providing them a set of toolkits in the products NACD produces for them, we can develop a more enterprise-wide approach to cybersecurity which is what we need,” Clinton said.

The top-down approach has been shown to be effective. PricewaterhouseCoopers reported in a recent Global Information Security Survey that organizations that use the NACD Handbook have significantly higher cybersecurity budgets, better risk management, closer alignment of cyber with overall business goals, and a culture of security as compared to those who don’t.

DHS’s Kroese is expected to add the government’s perspective on this top-down approach during the panel discussion. DHS has endorsed and contributed to several editions of the NACD Cyber Risk Handbook. The third edition of the handbook will be released early in 2020.

About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook for the National Association of Corporate Directors. For more information about ISA, please visit or 703-907-7090.