Is it Time to Sunset Cybersecurity Awareness Month?

    Posted on October 2, 2017 at 11:28 am

    By Larry Clinton. Raise your hand if you know anyone who is unaware that we have a cybersecurity problem. In a field where we are often desperate for any sign of success, I think we can spike the football on the issue of cybersecurity awareness. Understanding the cybersecurity problem? […]


    Enabling better Cybersecurity Information Sharing with Small and Medium-sized Partners

    Posted on September 1, 2017 at 12:11 pm

    By Jeff Brown. “Information sharing” is one of the most powerful tools organizations can use against cyber threats that can erupt without warning and cause disruption worldwide. Once an organization—any organization, whether public or private sector—spots the tell-tale patterns of a new attack, alerting other organizations of these warning signs can help halt the spread […]


    Cybersecurity and the Resilient Mindset

    Posted on July 17, 2017 at 10:37 am

    By Cindy Fornelli. If you spend some time around the issue of cybersecurity, it won’t be long before you encounter the notion of resilience. “Cyber resilience is a public good,” observed a 2017 white paper from the World Economic Forum. A 2013 Presidential Policy Directive declared that “it is the policy of the United States […]


    Petya Provides Context for Briefing Council on Foreign Relations

    Posted on June 29, 2017 at 10:00 am

    It appears the dust was just settling from the global impact of the WannaCry ransomware attack when a new culprit Petya (or not Petya) struck. Among the disturbing characteristics of these attacks is their vast international impact. Desperate for a silver lining, this happens to be a great backdrop for my previously scheduled briefing digital […]


    Maintaining Cybersecurity During Mergers & Acquisitions

    Posted on June 27, 2017 at 10:56 am

    Mergers and acquisitions are risky times. Headlines treat the combination of companies as job done after the announcement, but insiders know combining operations is no easy task. These days, add cyber risk to the list of prime considerations companies should weigh before, during, and after any M&A decision. Companies involved in transactions are often prime […]


    Board Directors Need to Have Discussions on Which Risks to Avoid, Which Risks to Accept, and Which to Mitigate Through Insurance

    Posted on June 22, 2017 at 11:06 am

    Total cybersecurity is an unrealistic goal. Cybersecurity is a continuum requiring strategic decision-making about where and how to spend security dollars. Attempting to guard every system equally is a recipe for exhausting the budget on low-priority systems. And it’ll result in bad security, since the company’s crown jewels will lack the sophisticated protections they need. […]


    Directors Need to Set the Standards and Expectations for Management to Establish Well-Staffed and Well-Funded Cyber-Risk Framework

    Posted on June 20, 2017 at 10:44 am

    Much like any response plan, a cybersecurity framework is only successful if it is well-staffed and well-funded. Otherwise, it simply will not be able to adequately handle the stresses caused by a breach. In a world where malware and ransomware are increasing both in frequency and severity – Wannacry, for example, affected 200,000 computers in […]


    Boards Need Access to Adequate Cybersecurity Expertise – And Need to Give it Adequate Time on Meeting Agendas

    Posted on June 19, 2017 at 12:56 pm

    Cyber literacy can be considered similar to financial literacy – not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business. As we all know, cybersecurity is very much a moving target. The threats and vulnerabilities change almost daily, and the […]


    Boards Need to Be Aware of Evolving Cyber-Legal Landscape

    Posted on June 14, 2017 at 10:24 am

    Boards of directors face several versions of risk from cyber breaches. Obviously, there is the risk of loss or manipulation of the data. There is also a risk of reputational loss. However, regardless of the actual data or reputational impacts boards need to be concerned about legal risks that can occur unrelated to the other […]


    HHS Points The Way Forward For Improved Cybersecurity

    Posted on June 12, 2017 at 11:35 am

    Last month President Trump issued an Executive Order on cybersecurity that called on all federal agencies to assess their status on information security and for the leadership to take steps required to mediate threats. Last week the Department of Health and Human Services (HHS) released its Healthcare Industry Cybersecurity Task Force report, which provides a […]


    Cybersecurity Principle Number 1 for Boards – It’s Not Just About “IT”

    Posted on June 2, 2017 at 12:07 pm

    It has now become clear that cyber-risk needs oversight at the board of directors level. The problem is that most corporate boards are comprised of “digital immigrants” — people not born into the digital world they now inhabit — and therefore need to learn how to understand cyber-risk. That educational process has been undertaken by […]


    Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

    Posted on May 31, 2017 at 11:00 am

    The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones – and most popular features – of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics. Many experts believe that for the CSF to properly […]


    Reform the Defense Supply Chain to Face the Realities of Conflict in the Digital Age

    Posted on March 7, 2017 at 11:04 am

    For centuries, we’ve operated under the principle that nations are sovereign within their own borders, with traditional rules of war clearly stating that combatants need to be identifiable military targets. Acting on this principle, a functioning government has traditionally had to raise a force more powerful than any potential rival, either internally or externally, when […]


    Why Isn’t There An Academy Awards Ceremony for Cybersecurity

    Posted on February 27, 2017 at 11:20 am

    Let me spare you the suspense, because we don’t deserve one. Most people who have become aware of cybersecurity in the past few years think we are talking about credit cards, passwords, and firewalls. Really? I give these rookies a pass. The real fault lies with those of us, including myself, who have been toiling […]


    Seven Basic Cybersecurity Measures As Revealed By Wisdom Of The Crowd

    Posted on February 21, 2017 at 4:52 pm

    Individual experts offer good advice, but when many people agree on practical steps necessary for better cybersecurity, their consensus carries more weight, at least so long as cybersecurity lacks outcome-based, objective metrics. Accordingly, here are the most important things small and medium-sized organizations should do, according to a survey the Internet Security Alliance did of […]


    Movement in the Right Direction on Cyber Security

    Posted on January 30, 2017 at 11:24 am

    While the bulk of mainstream news coverage on cyber issues has been focused on macro issues such as Russian involvement in our electoral process, there have been less noted initial signs of progress on the more traditional cyber concerns such as the protection of critical infrastructure, theft of intellectual property and securing of personal data. […]


    Cybersecurity Takes its Place in the Boardroom

    Posted on November 30, 2016 at 11:54 am

    Those recognized by the National Association of Corporate Directors in its annual compilation of 100 most influential individuals and organizations have achievements in fields such as governance, transformation or oversight. Cybersecurity hasn’t typically figured among them – until recently. NACD is recognizing Internet Security Alliance CEO Larry Clinton for the second consecutive year in its […]


    10 Cheap Tricks to Improve Our Cybersecurity: Part I

    Posted on September 6, 2016 at 12:36 pm

    On September 15, 2016, the Internet Security Alliance will publish a 400 page, 17 chapter, book containing 106 recommendations for the incoming Administration and Congress. One of the recommendations is that, frankly, we need to invest more in cyber defense. We are chasing a $500 billion to $1 trillion dollar a year issue with about […]


    IMPACT OF BREXIT VOTE ON CYBER SECURITY: Private Sector Needs To Act Responsibly

    Posted on June 25, 2016 at 12:31 pm

    While I don’t see much, if any, short term operational impacts to cyber security from the Brexit vote, I do think the vote underlines the need for the private sector to develop strong partnerships to secure the cyber systems they own and operate independent from government structures. I feel pretty sure not a single UK voter […]


    The Next Administration Needs To Pick Up The Pace

    Posted on May 27, 2016 at 12:40 pm

    By: Larry Clinton, CEO/President. THE NEXT ADMINISTRATION NEEDS TO PICK UP THE PACE – A LOT – ON CYBERSECURITY. The Pentagon’s 2015 annual report says that most DoD systems are subject to low to mid-level cyberattacks and our defense systems are basically subject to compromise whenever an adversary chooses to do so. If the world’s […]


    Government Needs To Get Its Own Act Together With Respect To Cybersecurity

    Posted on May 20, 2016 at 5:00 am

    By: Larry Clinton, CEO/President. Last week, I commented that given we have spent much of the last decade developing a consensus on an overall approach to cybersecurity as articulated in both the House GOP Task Force on Cybersecurity and President Obama’s Executive Order 13636, the one thing we don’t need from the newly appointed President’s […]


    Dear Cyber Commission, We Don’t Need a New Plan

    Posted on May 13, 2016 at 5:00 am

    By: Larry Clinton, CEO/President. A wise person once said every great plan eventually dissolves into actual work. What we need right now is actual work on cybersecurity. We have spent much of the past decade, and particularly the last 5 years, coming to a consensus on the best approach to improve our overall cybersecurity. Back […]


    Major Indian Trade Group Seeks Alliance with ISA

    Posted on July 11, 2014 at 3:53 pm

    In November of 2013, Larry Clinton, the President and CEO of the ISA, traveled to India to speak about cyber security issues in the international context. Mr. Clinton traveled to Chennai, India where he spoke with T. K. Ramachandran, a member of the board of governors and the secretary of the ICT Academy of Tamil Nadu […]


    DHS Under Secretary Spaulding inserts ISA recommendations on cyber risk into new National Infrastructure Protection Plan

    Posted on June 12, 2014 at 3:02 pm

    The National Infrastructure Protection Plan (NIPP) established a strategic direction for coordinating the nation’s critical infrastructure protection and resilience initiatives. The new National Plan built on the previous Plan from 2009, and reflects major changes in risk, policy, and operating environments, reflecting “a significant evolution in critical infrastructure risk policy.” This evolution reflects movement toward […]


    White House Releases “Cyber Space Policy Review” — ISA is Most Cited Source

    Posted on June 11, 2014 at 5:20 pm

    Released in 2009, the Cyber Space Policy Review was the Obama Administration’s assessment of U.S. policies and structure for cybersecurity. Drawing heavily from the Internet Security Alliance as a resource, the paper outlined a path forward to creating a reliable and resilient digital infrastructure. Covering resources including the Cyber Security Social Contract, white papers, and […]


    ISA Hosts Conference on Cyber Security at White House Featuring DHS Secretary

    Posted on at 5:13 pm

    The Internet Security Alliance hosted an invitation-only event at the White House on economic issues related to cyber security featuring DHS Secretary Janet Napolitano. The session allowed guests to engage with the DHS secretary in a robust question and answer session in a more intimate setting. The DHS Deputy Under Secretary for Cybersecurity for the […]


    ISA takes Lead Role in Construction of NIST Framework

    Posted on at 4:58 pm

    In response to the February 2013 executive order released by President Obama, titled “Improving Critical Infrastructure Cybersecurity”, the National Institute of Standards and Technology (NIST) has undertaken the vital task of developing a new set of guidelines and standards to promote better cyber security practices in both the public and private sector. Known as the […]


    Obama’s Cybersecurity Executive Order 13636

    Posted on at 1:37 pm

    In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, which formalized the Administration’s adoption of principles proposed by the Internet Security Alliance. The Executive Order departed from the regulatory model that the Administration previously embraced that would have granted the Department of Homeland Security extensive authority to mandate cyber security standards […]


    NACD Asks ISA For Best Practices Guide

    Posted on June 10, 2014 at 4:49 pm

    NACD asks ISA to create best practices guide for corporate board of directors. The National Association of Corporate Directors (NACD) asked ISA to put together a guide of best practices for corporate directors. With input from the ISA Board of Directors, and in close collaboration with AIG, ISA was tasked to identify best practices in […]


    ISA Criteria For Assessing The Cybersecurity Exec Order

    Posted on February 20, 2014 at 1:40 pm

    EXECUTIVE SUMMARY – ASSESSING PRESIDENT OBAMA’S EXECUTIVE ORDER ON CYBER SECURITY. Upon realizing that comprehensive cyber security legislation to address the nation’s growing cyber security problem was unlikely to pass the Congress, President Obama issued an Executive Order on the subject in February 2013. The Order marked a watershed moment […]


    Media Asks ISA To Comment On WH Cyber Order

    Posted on October 11, 2013 at 12:41 pm

    ISA on CNBC: On February 13, 2013, following the release of the Obama Administration’s Executive Order, CNBC’s “Power Lunch” asked ISA President Larry Clinton to appear on the show to discuss how the Executive Order will impact the private sector and solicit ISA’s view on its implications. To watch the segment, please proceed to ISA […]


    “Cyber Czar” Praises ISA on Health Care Program

    Posted on July 5, 2012 at 3:00 pm

    In an unusual move, the White House’s cyber security lead, the so-called “Cyber Czar,” Howard Schmidt, joined the ISA, ANSI, and the Santa Fe Group at the National Press Club for the launch of the ISA’s most recent publication in its Financial Risk Management Program: “The Financial Impact of Breached Protected Health Information – […]


    ISA Testimony Leads To Bipartisan Cyber Incentives Effort

    Posted on at 2:27 pm

    ISA’s long-standing efforts to create an economically viable and sustainable approach to cybersecurity reached a milestone following an unusually collaborative and non-partisan hearing before the House Energy and Commerce Subcommittee on Communications and Technology on February 8, 2012. After the hearing, Chairman Greg Walden (R-OR) and Ranking Member Anna Eshoo (D-CA) formed a bipartisan Task […]


    ISA Leads Effort W/DHS To “Reboot” Ind-Govt Partnership

    Posted on at 2:06 pm

    Since the crafting of the National Infrastructure Protection Plan (NIPP), the ISA has taken a lead role in seeking a viable partnership between government and industry to address the unique problems in defending integrated cyber systems against increasingly sophisticated attacks. ISA outlined a re-drafted model in its Cyber Security “Social Contract” (2008) and “Social Contract […]


    ISA Briefs FDIC On ISA’s Financial Cyber Risk Program

    Posted on at 2:02 pm

    Starting in 2006, the ISA began its program on the Financial Management of Cyber Risk, which resulted in the first of its publications on this subject: “The Financial Impact of Cyber Risk – 50 Questions Every CFO Should Ask.” ISA’s follow-up publication, “The Financial Management of Cyber Risk – An Implementation Framework for CFOs,” […]


    ISA and Michael Chertoff Keynote World Nuclear Security Event

    Posted on at 2:00 pm

    The World Institute of Nuclear Security (WINS) contacted the ISA in late 2011 for assistance in developing an incentive-based model for nuclear facility security that is global in scale. In conjunction with this request, ISA President Clinton, along with DHS Secretary Michael Chertoff, was asked to keynote the WINS international nuclear security conference in Vienna, […]


    ISA Briefs Congress On Information Sharing

    Posted on at 1:55 pm

    Information sharing is one of the most important tools in implementing a sustainable system of cybersecurity. However, the traditional information sharing models have been proven generally to be of limited effectiveness in that many organizations cannot devote the resources to participate in an Information Sharing and Analysis Center (ISAC) and because many of the traditionally […]


    ISA Briefs NATO Cyber Centre For Excellence

    Posted on at 1:52 pm

    While many of ISA’s member companies are U.S.-based, virtually all of them are multi-national and operate internationally. Because of this and the nature of the problem, itself, ISA has always taken an international approach to cybersecurity (2 of the past 5 ISA Board Chairs have hailed from European headquartered organizations). Shortly after ISA reiterated and […]


    ISA Releases Cyber Supply Chain Roadmap

    Posted on at 1:50 pm

    The ISA launched its first supply chain program in 2005, in conjunction with ISA Founding Partner Carnegie Mellon University. Since then, ISA has released a series of reports on managing the IT supply chain for security purposes with ever greater specificity. In 2007, ISA released its report with Carnegie Mellon on the nature of […]


    House GOP Task Force Report On Cybersecurity Adopts ISA Recommend

    Posted on at 1:47 pm

    In the 112th Congress, a high-level task force convened by House Speaker John Boehner (R-OH) endorsed the approach laid out by ISA in the Cyber Security Social Contract. When the House GOP Task Force on Cyber Security convened, ISA was the first witness called to provide recommendations. The House Republican Task Force Report on Cyber Security, […]


    ISA Hosts White House Event on Cybersecurity And Economy

    Posted on at 1:40 pm

    On June 6, 2012, the Internet Security Alliance hosted an invitation-only event at the White House on economic issues related to cyber security. DHS Secretary Janet Napolitano was the featured speaker, providing opening comments and engaging the invited guests in an open and robust question and answer session. Mark Weatherford, the DHS Deputy Under Secretary […]


    Transcript: Is The Web Becoming Less Secure? – PBS News Hour

    Posted on December 12, 2010 at 2:13 pm

    In the wake of the Gawker Media hacking over the weekend, Jeffrey Brown gets a wider perspective about the vulnerability of online information and the danger of further cyberattacks from James Lewis of the Center for Strategic and International Studies and Larry Clinton of the Internet Security Alliance. To view the video of this exchange, […]