The Coronavirus Pandemic Has Created Novel Cybersecurity Challenges — But It May Also Give Us a Solution to the Cybersecurity Workforce Problem

    Posted on May 7, 2020 at 11:26 am

    By Josh Higgins, Senior Director of Policy and Communications The COVID-19 pandemic has created many new challenges for companies — such as managing a remote workforce, adopting new suppliers and cloud services, and a vastly expanded cyber-threat landscape — as the world works to maintain productivity through primarily virtual means. However, despite all these new […]

    Coronavirus Creates New Insider Cyber Threat and How to Treat It

    Posted on April 6, 2020 at 11:41 am

    Instantaneous, Unplanned, Digital Transformation Creates Massive Cyber Risk By Larry Clinton Insiders are generally identified as the locus of about half of successful cyber-attacks. The 2020 edition of the Cyber-Risk Oversight Handbook published by the National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) last month (available free of charge here) identifies the […]

    ISA Board of Directors Offers Cybersecurity Best Practices for COVID-19 Crisis

    Posted on April 2, 2020 at 10:56 am

    The outbreak of coronavirus globally has created a new reality vastly increasing how much business is done online: While this new virtual reality is essential to sustaining business during the pandemic, it is critical that corporate boards are also aware of the increased cybersecurity threat from this intensified, and often unplanned, utilization of technology. As […]

    Top Ten Reasons Why Cybersecurity Is Like Coronavirus

    Posted on March 16, 2020 at 4:47 pm

    By Larry Clinton I’m not saying cybersecurity and the coronavirus are exactly the same. The defining characteristic of the cyber threat is that we have conscious and deliberate actors carefully crafting attacks. The coronavirus has no conscience, no plan. At the same time, notwithstanding differences, these domains are both attacks on our cultures, and when […]

    Cyber Principle Two for Boards: Know Your Legal Obligations

    Posted on March 11, 2020 at 10:48 am

    This is the second in a series of blogs distilling the cybersecurity advice for boards of directors contained in the new Cyber-Risk Oversight 2020 Handbook published by the National Association of Corporate Directors and the Internet Security Alliance. By Larry Clinton In 2015, ISA, along with Georgia Tech, the New York Stock Exchange, and Palo […]

    The First Principle of Cybersecurity — It’s Not an “IT” Issue

    Posted on March 2, 2020 at 10:37 am

    By Larry Clinton At last week’s RSA Conference, the National Association of Corporate Directors (NACD) in partnership with the ISA published Cyber Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards. This is the third in a series of cyber-risk handbooks ISA and NACD have partnered on since 2014, and like the previous […]


    Posted on February 5, 2020 at 12:47 pm

    WHAT I HEARD AT THE G-20 CYBERSECURITY DIALOGUE THIS WEEK This week I was honored to be one of the 17 outside experts (3 Americans including myself) asked to address the official G-20 Cybersecurity Dialogue in Riyadh, Saudi Arabia. This meeting was designed to assist the G-20 Digital Economic agenda for this fall’s full G-20 […]

    What I’ll Tell the G20 Cybersecurity Dialogue Meeting in Riyadh Today

    Posted on February 3, 2020 at 7:16 am

    By Larry Clinton I’m honored to be one of about 15 outside speakers who have been asked to address the G20 Cybersecurity Dialogue — part of the G20 Digital Economy Task Force — at their invitation–only meeting in Riyadh. I’m delighted that the world’s largest economies are launching an effort to look at our cybersecurity problems […]

    Solarium Commission Off to a Good Start: What’s Next (Part II)

    Posted on January 9, 2020 at 10:30 am

    Cyberspace Solarium Commission Co-Chair Sen. Angus King (I-ME) has “leaked” to us that the Commission is virtually unanimous in the desire to see government process for cybersecurity overhauled. As we discussed in this space yesterday, that is a great, if not exactly novel, idea. But as the old saying goes, every great idea eventually devolves […]

    ISA: Solarium Commission is Off to a Good Start, Now What?

    Posted on January 8, 2020 at 9:32 am

    In 2016 the ISA published a 12-step program for Congress and the new Administration to address the growing cybersecurity threat. Number 4 on the list (after act with greater urgency, spend more money, and understand cybersecurity is not just about IT) was that “Government needed to get organized to reflect the digital age.” Yesterday the […]

    Global Consensus of Industry to Address Cyber Reaches Asia, Is Government Far Behind?

    Posted on October 31, 2019 at 11:42 am

    by Larry Clinton Yes, they are. While corporate boards of directors worldwide are developing programs to increase their own understanding of the cyber threat and taking action to address it, the government equivalent of corporate boards – legislators, agency heads, and the like – seem content to tell others what to do while not seriously […]

    U.S., German, and Latin American Boards and Cybersecurity: Similarities and Differences

    Posted on October 28, 2019 at 10:00 am

    by Larry Clinton In a field seemingly overpopulated with remarkably similar programs on cybersecurity, the Organization of American States, of all places, will host a unique program at their Washington, D.C. headquarters on November 8. OAS, along with the Cyber Security Council of Germany and the Internet Security Alliance, will discuss the findings of a […]


    Posted on October 2, 2019 at 8:49 am

    by Larry Clinton I expect virtually everyone who might be reading this blog knows that October is Cybersecurity Awareness month. But I doubt the total number of people in the United States who know October is “our” month rises above five figures. Of course, awareness that we have a cyber security problem is virtually unanimous. […]


    Posted on October 1, 2019 at 10:24 am

    by Larry Clinton I have opined in the past, somewhat tongue in cheek, that Cyber Security Awareness Month may be a bit outdated—is there really anyone unaware that we have a cyber security problem in 2019? Perhaps Cybersecurity understanding month is a bit timelier and more needed. However, in the spirit of the cyber season […]


    Posted on September 30, 2019 at 1:43 pm

    by Larry Clinton On Friday I was honored to provide the closing keynote speech at the Organization of American States’ (OAS) Cybersecurity Symposium in Santiago, Chile. The purpose of the event was to unveil and release the first Cyber-Risk Oversight Handbook for Corporate Boards targeted for the entire Latin American region. The Handbook is part […]

    DHS Taking Steps in the Right Direction on Cyber Risk Management

    Posted on August 12, 2019 at 11:03 am

    by Larry Clinton Perhaps the one thing virtually everyone in the cybersecurity field agrees on is that, notwithstanding many laudable efforts, we are losing the fight to secure cyberspace. Illustrative of this reality, the Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Chris Krebs, has wisely commented we need a new […]

    Mandatory Cybersecurity Training for Congress: What Kind of Training?

    Posted on July 31, 2019 at 9:52 am

    by Larry Clinton Last week, the bipartisan Select Committee on the Modernization of Congress issued a list of two dozen recommendations designed to “make Congress more reflective and responsive to the American people.” One recommendation stands out as particularly timely, visionary and practical: “Making cybersecurity training mandatory for Members.” Finally, a cybersecurity mandate that makes […]

    Capital One Breach Highlights the Danger of Insider Threats

    Posted on July 30, 2019 at 1:27 pm

    by Josh Higgins When companies think about cybersecurity threats, they often think of a hacker in some far-off place using sneaky tactics to gain access to their systems. However, Capital One’s announcement Monday of a major data breach highlights another major, yet often overlooked, cyber threat: The insider. Similar to other cyber incidents, the newly […]

    Accountability in Cybersecurity is a Two-Way Street

    Posted on July 29, 2019 at 11:48 am

    The biggest story in cybersecurity this past week was the eye-popping $5 billion dollar (that’s billion with a B) fine the FTC placed on Facebook for not adequately fulfilling its responsibilities to protect its consumer’s data. Probably just as painful to Facebook, and its CEO, as the fine itself is having to publicly acknowledge their […]

    Regulators: Don’t Make the Same Cyber Mistakes Over Again

    Posted on July 19, 2019 at 2:27 pm

    It’s not news that cyber-attacks are increasing both in number and sophistication and that the increasing criticality of the attack methods demands increased attention especially with respect to critical infrastructures. Also, due to the uniqueness of information systems, the speed with which attack methods and technologies change the traditional regulatory model has been deemed to […]

    MAN BITES DOG: State Regulators Want Cyber Reg Reform

    Posted on June 26, 2019 at 1:31 pm

    Yesterday Congressman Cedric Richmond, Chair of the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Innovation announced in the wake of the recent ransomware attacks on local jurisdictions like Atlanta and Baltimore that he is going to propose a series of legislative efforts to assist the municipalities because “we can’t expect under-resourced, understaffed, state and […]

    Brush with Greatness: A Chat with a Man Who May Be the Tipping Point Toward Effective Cybersecurity

    Posted on June 21, 2019 at 10:47 am

    by Larry Clinton The greatest cyber risk an organization can have is doing a faulty cyber-risk assessment. This is one of the key insights from Doug Hubbard’s paradigm-shifting book “How to Measure Anything in Cybersecurity Risk”. While in Chicago this week to do a series of Master Classes on the Economics of Cyber Risk for […]

    Corporate Directors Take the Next Step on Cybersecurity: Where’s Congress?

    Posted on June 18, 2019 at 11:27 am

    by Larry Clinton In Chicago this week the National Association of Corporate Directors (NACD) will host the first in a series of nationwide events on the economics of cybersecurity. The courses start with a brief discussion of the now well-known existence of cyber-attacks on enterprises. However, they quickly move beyond the problem and instruct board […]

    We Need Sensible Cybersecurity Regulations – More Is Not Necessarily Better

    Posted on June 12, 2019 at 11:08 am

    by Larry Clinton When the ISA published the Cybersecurity Social Contract three years ago, one of the facts we documented was that some in critical industries were being forced to divert between 30%-40% of their scarce cybersecurity resources to largely redundant regulatory compliance. This fact highlights the twin maladies of undermining efforts to strengthen cybersecurity without improving either […]

    Experts from GE and FIS Help Students Deal with the Inevitable: Cyber Attacks

    Posted on June 6, 2019 at 11:00 am

    Once upon a time, industry experts would caution students and conference attendees that with cyber-attacks, it was not a question of if, but when. That adage has now matured into a more modern version: There are only two types of companies — those who know they have been successfully compromised, and those that don’t know […]

    Cyber Experts Will Help Wharton Students Address the “Most Vexing Challenge”

    Posted on June 5, 2019 at 10:56 am

    The insider threat has become one of the biggest threats in the realm of cybersecurity. Despite the amount of risk posed by insiders, corporate executives often lack the awareness of the threat to adequately address it. That is why the Internet Security Alliance’s upcoming course on cybersecurity at the ABA Stonier Graduate Program at the […]

    The EU Privacy Law is Not Working, But Why?

    Posted on May 30, 2019 at 10:06 am

    by Larry Clinton In 2016 the European Union enacted arguably the most stringent privacy law in the western world. Following a two-year transition, the law went into full effect last May. Although advocates had suggested the stringent penalties in the General Data Protection Regulation (GDPR) would deter individual privacy invasions and reduce market domination from […]

    European corporate boards agree to create European adaptation of Cyber-Risk Oversight Handbook

    Posted on May 28, 2019 at 11:26 am

    by Larry Clinton This week the board of directors of the European Confederation of Directors Associations (ecoDa) agreed to work with the Internet Security Alliance (ISA) on a European adaptation of the Cyber-Risk Oversight Handbook originally published by the National Association of Corporate Directors in the U.S. This agreement indicates further progress that corporate boards […]

    Washington Can Help States Face Cybersecurity Threats by Harmonizing Regulations

    Posted on May 15, 2019 at 12:52 pm

    by Dan Lips The National Governors Association is meeting in Louisiana this week for its biannual cybersecurity summit. An important topic of consideration is how Washington can help state governments by harmonizing regulations. Doing so would let states focus their attention on confronting worsening cybersecurity threats, rather than answering federal auditors. “On any given day, […]

    Congress Needs Training in Cybersecurity — The Right Kind of Training

    Posted on May 14, 2019 at 10:17 am

    by Larry Clinton   Kudos to Representatives Kathleen Rice (D) and John Katko (R) for their bipartisan legislation requiring Members of Congress to receive training in cybersecurity. Give congressional representatives an IT tool and they can secure the nation for a day — maybe. Teach Congress how to truly understand and manage cyber risk and we […]

    U.S.-Japanese Cyber Collaboration Needs to Include the Private Sector

    Posted on May 9, 2019 at 12:26 pm

    by Larry Clinton While much of the attention on President Trump’s upcoming visit to Japan will focus on North Korean nuclear issues, a critical, if under-reported, element of the visit will be to bolster U.S.-Japanese cyber defenses. In a speech to the Hudson Institute last week, U.S. Ambassador to Japan William Hagerty acknowledged the importance […]

    Annual FBI Internet Crime Report Finds $2.7 Billion in Losses in 2018

    Posted on April 29, 2019 at 2:41 pm

    Internet-enabled crime was responsible for $2.7 billion in losses in 2018, according to the FBI’s annual Internet Crime Report. The data confirms industry concerns about growing cybersecurity threats. The FBI’s Internet Crime Complaint Center (IC3) reported an increase in the number of complaints from 301,580 in 2017 to 351,000 in 2018, or more than 900 […]

    Should we start regulating cybersecurity in the supply chain? Not so fast.

    Posted on April 26, 2019 at 11:30 am

    Supply chain has become the hot topic in cybersecurity inside the Beltway in recent months – and for good reason. The British Standards Institution just this week released a new report on the supply chain identifying cybersecurity as one of the greatest security threats within the supply chain. The federal government has also taken notice to […]

    ISA Top 2018 Highlights

    Posted on January 28, 2019 at 9:00 am

    ISA appointed industry co-chair (DHS is government co-chair) of the Policy Leadership Working Group charged by DHS Asst. Secretary for Cyber Security Jeanette Manfra with articulating the details of a Collective Cybersecurity Defense Model the Trump Administration wants to promote for cybersecurity. Policy Leadership Working Group produces a joint government-industry white paper defining the Collective […]

    We need a new approach to cyber risk assessment

    Posted on September 21, 2018 at 12:47 pm

    “Garbage in, garbage out.” For years, cyber risk assessments have often revolved around checklists of standards and practices that IT professionals can use to check off what they’ve done, but that model is insufficient, producing results that are hindering cybersecurity. ISA President Larry Clinton, at the Command and Control conference on Friday, September 21, called […]

    At DEFCON, DHS Gets it Right on Cyber – We Need to Rethink Incentives

    Posted on August 14, 2018 at 10:09 am

    When DHS Assistant Secretary for Cyber Security Jeanette Manfra addressed the hackers at the annual Las Vegas showcase for modern wizardry, she didn’t focus on standards and bots. She talked about how digitization changes everything and the need to look at cybersecurity through an economic lens. She got it exactly right. “For the first time […]

    Happy New Year: We Need a New Approach to Cybersecurity

    Posted on January 2, 2018 at 11:05 am

    By Larry Clinton   We all know we are losing the battle to secure cyber space – badly. Maybe our New Year’s resolution ought to be to recognize this fact and come up with a new approach to the problem. The old ones don’t seem to be working.   Specifically, we should consider moving away […]

    Is it Time to Sunset Cybersecurity Awareness Month?

    Posted on October 2, 2017 at 11:28 am

    By Larry Clinton Raise your hand if you know anyone who is unaware that we have a cybersecurity problem. In a field where we are often desperate for any sign of success, I think we can spike the football on the issue of cybersecurity awareness. Understanding the cybersecurity problem? […]

    Enabling better Cybersecurity Information Sharing with Small and Medium-sized Partners

    Posted on September 1, 2017 at 12:11 pm

    By Jeff Brown “Information sharing” is one of the most powerful tools organizations can use against cyber threats that can erupt without warning and cause disruption worldwide. Once an organization—any organization, whether public or private sector—spots the tell-tale patterns of a new attack, alerting other organizations of these warning signs can help halt the spread […]

    Cybersecurity and the Resilient Mindset

    Posted on July 17, 2017 at 10:37 am

    By Cindy Fornelli If you spend some time around the issue of cybersecurity, it won’t be long before you encounter the notion of resilience. “Cyber resilience is a public good,” observed a 2017 white paper from the World Economic Forum. A 2013 Presidential Policy Directive declared that “it is the policy of the United States […]

    Petya Provides Context for Briefing Council on Foreign Relations

    Posted on June 29, 2017 at 10:00 am

    It appears the dust was just settling from the global impact of the WannaCry ransomware attack when a new culprit Petya (or not Petya) struck. Among the disturbing characteristics of these attacks is their vast international impact. Desperate for a silver lining, this happens to be a great backdrop for my previously scheduled briefing digital […]

    Maintaining Cybersecurity During Mergers & Acquisitions

    Posted on June 27, 2017 at 10:56 am

    Mergers and acquisitions are risky times. Headlines treat the combination of companies as job done after the announcement, but insiders know combining operations is no easy task. These days, add cyber risk to the list of prime considerations companies should weigh before, during, and after any M&A decision. Companies involved in transactions are often prime […]

    Board Directors Need to Have Discussions on Which Risks to Avoid, Which Risks to Accept, and Which to Mitigate Through Insurance

    Posted on June 22, 2017 at 11:06 am

    Total cybersecurity is an unrealistic goal. Cybersecurity is a continuum requiring strategic decision-making about where and how to spend security dollars. Attempting to guard every system equally is a recipe for exhausting the budget on low-priority systems. And it’ll result in bad security, since the company’s crown jewels will lack the sophisticated protections they need. […]

    Directors Need to Set the Standards and Expectations for Management to Establish Well-Staffed and Well-Funded Cyber-Risk Framework

    Posted on June 20, 2017 at 10:44 am

    Much like any response plan, a cybersecurity framework is only successful if it is well-staffed and well-funded. Otherwise, it simply will not be able to adequately handle the stresses caused by a breach. In a world where malware and ransomware are increasing both in frequency and severity – Wannacry, for example, affected 200,000 computers in […]

    Boards Need Access to Adequate Cybersecurity Expertise – And Need to Give it Adequate Time on Meeting Agendas

    Posted on June 19, 2017 at 12:56 pm

    Cyber literacy can be considered similar to financial literacy – not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business. As we all know, cybersecurity is very much a moving target. The threats and vulnerabilities change almost daily, and the […]

    Boards Need to Be Aware of Evolving Cyber-Legal Landscape

    Posted on June 14, 2017 at 10:24 am

    Boards of directors face several versions of risk from cyber breaches. Obviously, there is the risk of loss or manipulation of the data. There is also a risk of reputational loss. However, regardless of the actual data or reputational impacts boards need to be concerned about legal risks that can occur unrelated to the other […]

    HHS Points The Way Forward For Improved Cybersecurity

    Posted on June 12, 2017 at 11:35 am

    Last month President Trump issued an Executive Order on cybersecurity that called on all federal agencies to assess their status on information security and for the leadership to take steps required to mediate threats. Last week the Department of Health and Human Services (HHS) released its Healthcare Industry Cybersecurity Task Force report, which provides a […]

    Cybersecurity Principle Number 1 for Boards – It’s Not Just About “IT”

    Posted on June 2, 2017 at 12:07 pm

    It has now become clear that cyber-risk needs oversight at the board of directors level. The problem is that most corporate boards are comprised of “digital immigrants” — people not born into the digital world they now inhabit — and therefore need to learn how to understand cyber-risk. That educational process has been undertaken by […]

    Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework

    Posted on May 31, 2017 at 11:00 am

    The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones – and most popular features – of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics. Many experts believe that for the CSF to properly […]

    Reform the Defense Supply Chain to Face the Realities of Conflict in the Digital Age

    Posted on March 7, 2017 at 11:04 am

    For centuries, we’ve operated under the principle that nations are sovereign within their own borders, with traditional rules of war clearly stating that combatants need to be identifiable military targets. Acting on this principle, a functioning government has traditionally had to raise a force more powerful than any potential rival, either internally or externally, when […]

    Why Isn’t There An Academy Awards Ceremony for Cybersecurity

    Posted on February 27, 2017 at 11:20 am

    Let me spare you the suspense, because we don’t deserve one. Most people who have become aware of cybersecurity in the past few years think we are talking about credit cards, passwords, and firewalls. Really? I give these rookies a pass. The real fault lies with those of us, including myself, who have been toiling […]

    Seven Basic Cybersecurity Measures As Revealed By Wisdom Of The Crowd

    Posted on February 21, 2017 at 4:52 pm

    Individual experts offer good advice, but when many people agree on practical steps necessary for better cybersecurity, their consensus carries more weight, at least so long as cybersecurity lacks outcome-based, objective metrics. Accordingly, here are the most important things small and medium-sized organizations should do, according to a survey the Internet Security Alliance did of […]

    Movement in the Right Direction on Cyber Security

    Posted on January 30, 2017 at 11:24 am

    While the bulk of mainstream news coverage on cyber issues has been focused on macro issues such as Russian involvement in our electoral process, there have been less noted initial signs of progress on the more traditional cyber concerns such as the protection of critical infrastructure, theft of intellectual property and securing of personal data. […]

    Cybersecurity Takes its Place in the Boardroom

    Posted on November 30, 2016 at 11:54 am

    Those recognized by the National Association of Corporate Directors in its annual compilation of 100 most influential individuals and organizations have achievements in fields such as governance, transformation or oversight. Cybersecurity hasn’t typically figured among them – until recently. NACD is recognizing Internet Security Alliance CEO Larry Clinton for the second consecutive year in its […]

    10 Cheap Tricks to Improve Our Cybersecurity: Part I

    Posted on September 6, 2016 at 12:36 pm

    On September 15, 2016, the Internet Security Alliance will publish a 400 page, 17 chapter, book containing 106 recommendations for the incoming Administration and Congress. One of the recommendations is that, frankly, we need to invest more in cyber defense. We are chasing a $500 billion to $1 trillion dollar a year issue with about […]

    IMPACT OF BREXIT VOTE ON CYBER SECURITY: Private Sector Needs To Act Responsibly

    Posted on June 25, 2016 at 12:31 pm

    While I don’t see much, if any, short term operational impacts to cyber security from the Brexit vote, I do think the vote underlines the need for the private sector to develop strong partnerships to secure the cyber systems they own and operate independent from government structures. I feel pretty sure not a single UK voter […]

    The Next Administration Needs To Pick Up The Pace

    Posted on May 27, 2016 at 12:40 pm

    By: Larry Clinton, CEO/President THE NEXT ADMINISTRATION NEEDS TO PICK UP THE PACE – A LOT – ON CYBERSECURITY The Pentagon’s 2015 annual report says that most DoD systems are subject to low to mid-level cyberattacks and our defense systems are basically subject to compromise whenever an adversary chooses to do so. If the world’s […]

    Government Needs To Get Its Own Act Together With Respect To Cybersecurity

    Posted on May 20, 2016 at 5:00 am

    By: Larry Clinton, CEO/President Last week, I commented that given we have spent much of the last decade developing a consensus on an overall approach to cybersecurity as articulated in both the House GOP Task Force on Cybersecurity and President Obama’s Executive Order 13636, the one thing we don’t need from the newly appointed President’s […]

    Dear Cyber Commission, We Don’t Need a New Plan

    Posted on May 13, 2016 at 5:00 am

    By: Larry Clinton, CEO/PRESIDENT A wise person once said every great plan eventually dissolves into actual work. What we need right now is actual work on cybersecurity. We have spent much of the past decade, and particularly the last 5 years, coming to a consensus on the best approach to improve our overall cybersecurity. Back […]

    Major Indian Trade Group Seeks Alliance with ISA

    Posted on July 11, 2014 at 3:53 pm

    In November of 2013, Larry Clinton, the President and CEO of the ISA, traveled to India to speak about cyber security issues in the international context. Mr. Clinton traveled to Chennai, India where he spoke with T. K. Ramachandran, a member of the board of governors and the secretary of the ICT Academy of Tamil Nadu […]

    DHS Under Secretary Spaulding inserts ISA recommendations on cyber risk into new National Infrastructure Protection Plan

    Posted on June 12, 2014 at 3:02 pm

    The National Infrastructure Protection Plan (NIPP) established a strategic direction for coordinating the nation’s critical infrastructure protection and resilience initiatives. The new National Plan built on the previous Plan from 2009, and reflects major changes in risk, policy, and operating environments, reflecting “a significant evolution in critical infrastructure risk policy.” This evolution reflects movement toward […]

    White House Releases “Cyber Space Policy Review” — ISA is Most Cited Source

    Posted on June 11, 2014 at 5:20 pm

    Released in 2009, the Cyber Space Policy Review was the Obama Administration’s assessment of U.S. policies and structure for cybersecurity. Drawing heavily from the Internet Security Alliance as a resource, the paper outlined a path forward to creating a reliable and resilient digital infrastructure. Covering resources including the Cyber Security Social Contract, white papers, and […]

    ISA Hosts Conference on Cyber Security at White House Featuring DHS Secretary

    Posted on at 5:13 pm

    The Internet Security Alliance hosted an invitation-only event at the White House on economic issues related to cyber security featuring DHS Secretary Janet Napolitano. The session allowed guests to engage with the DHS secretary in a robust question and answer session in a more intimate setting. The DHS Deputy Under Secretary for Cybersecurity for the […]

    ISA takes Lead Role in Construction of NIST Framework

    Posted on at 4:58 pm

    In response to the February 2013 executive order released by President Obama, titled “Improving Critical Infrastructure Cybersecurity”, the National Institute of Standards and Technology (NIST) has undertaken the vital task of developing a new set of guidelines and standards to promote better cyber security practices in both the public and private sector. Known as the […]

    Obama’s Cybersecurity Executive Order 13636

    Posted on at 1:37 pm

    In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, which formalized the Administration’s adoption of principles proposed by the Internet Security Alliance. The Executive Order departed from the regulatory model that the Administration previously embraced that would have granted the Department of Homeland Security extensive authority to mandate cyber security standards […]

    NACD Asks ISA For Best Practices Guide

    Posted on June 10, 2014 at 4:49 pm

    NACD asks ISA to create best practices guide for corporate board of directors. The National Association of Corporate Directors (NACD) asked ISA to put together a guide of best practices for corporate directors. With input from the ISA Board of Directors, and in close collaboration with AIG, ISA was tasked to identify best practices in […]

    ISA Criteria For Assessing The Cybersecurity Exec Order

    Posted on February 20, 2014 at 1:40 pm

    EXECUTIVE SUMMARY – ASSESSING PRESIDENT OBAMA’S EXECUTIVE ORDER ON CYBER SECURITY Upon realizing that comprehensive cyber security legislation to address the nation’s growing cyber security problem was unlikely to pass the Congress, President Obama issued an Executive Order on the subject in February 2013. The Order marked a watershed moment […]

    Media Asks ISA To Comment On WH Cyber Order

    Posted on October 11, 2013 at 12:41 pm

    ISA on CNBC On February 13, 2013, following the release of the Obama Administration’s Executive Order, CNBC’s “Power Lunch” asked ISA President Larry Clinton to appear on the show to discuss how the Executive Order will impact the private sector and solicit ISA’s view on its implications.  To watch the segment, please proceed to ISA […]

    “Cyber Czar” Praises ISA on Health Care Program

    Posted on July 5, 2012 at 3:00 pm

    In an unusual move, the White House’s cyber security lead, the so-called “Cyber Czar,” Howard Schmidt, joined the ISA, ANSI, and the Santa Fe Group at the National Press Club for the launch of the ISA’s most recent publication in its Financial Risk Management Program: “The Financial Impact of Breached Protected Health Information – […]

    ISA Testimony Leads To Bipartisan Cyber Incentives Effort

    Posted on at 2:27 pm

    ISA’s long-standing efforts to create an economically viable and sustainable approach to cybersecurity reached a milestone following an unusually collaborative and non-partisan hearing before the House Energy and Commerce Subcommittee on Communications and Technology on February 8, 2012. After the hearing, Chairman Greg Walden (R-OR) and Ranking Member Anna Eshoo (D-CA) formed a bipartisan Task […]

    ISA Leads Effort W/DHS To “Reboot” Ind-Govt Partnership

    Posted on at 2:06 pm

    Since the crafting of the National Infrastructure Protection Plan (NIPP), the ISA has taken a lead role in seeking a viable partnership between government and industry to address the unique problems in defending integrated cyber systems against increasingly sophisticated attacks. ISA outlined a re-drafted model in its Cyber Security “Social Contract” (2008) and “Social Contract […]

    ISA Briefs FDIC On ISA’s Financial Cyber Risk Program

    Posted on at 2:02 pm

    Starting in 2006, the ISA began its program on the Financial Management of Cyber Risk, which resulted in the first of its publications on this subject: “The Financial Impact of Cyber Risk – 50 Questions Every CFO Should Ask.” ISA’s follow-up publication, “The Financial Management of Cyber Risk – An Implementation Framework for CFOs,” […]

    ISA and Michael Chertoff Keynote World Nuclear Security Event

    Posted on at 2:00 pm

    The World Institute of Nuclear Security (WINS) contacted the ISA in late 2011 for assistance in developing an incentive-based model for nuclear facility security that is global in scale. In conjunction with this request, ISA President Clinton, along with DHS Secretary Michael Chertoff, was asked to keynote the WINS international nuclear security conference in Vienna, […]

    ISA Briefs Congress On Information Sharing

    Posted on at 1:55 pm

    Information sharing is one of the most important tools in implementing a sustainable system of cybersecurity. However, the traditional information sharing models have been proven generally to be of limited effectiveness in that many organizations cannot devote the resources to participate in an Information Sharing and Analysis Center (ISAC) and because many of the traditionally […]

    ISA Briefs NATO Cyber Centre For Excellence

    Posted on at 1:52 pm

    While many of ISA’s member companies are U.S.-based, virtually all of them are multi-national and operate internationally. Because of this and the nature of the problem itself, ISA has always taken an international approach to cybersecurity (2 of the past 5 ISA Board Chairs have hailed from European-headquartered organizations). Shortly after ISA reiterated and […]

    ISA Releases Cyber Supply Chain Roadmap

    Posted on at 1:50 pm

    The ISA launched its first supply chain program in 2005, in conjunction with ISA Founding Partner Carnegie Mellon University. Since then, ISA has released a series of reports on managing the IT supply chain for security purposes with ever greater specificity. In 2007, ISA released its report with Carnegie Mellon on the nature of […]

    House GOP Task Force Report On Cybersecurity Adopts ISA Recommend

    Posted on at 1:47 pm

    In the 112th Congress, a high-level task force convened by House Speaker John Boehner (R-OH) endorsed the approach laid out by ISA in the Cyber Security Social Contract. When the House GOP Task Force on Cyber Security convened, ISA was the first witness called to provide recommendations. The House Republican Task Force Report on Cyber Security, […]

    ISA Hosts White House Event on Cybersecurity And Economy

    Posted on at 1:40 pm

    On June 6, 2012, the Internet Security Alliance hosted an invitation-only event at the White House on economic issues related to cyber security. DHS Secretary Janet Napolitano was the featured speaker, providing opening comments and engaging the invited guests in an open and robust question and answer session. Mark Weatherford, the DHS Deputy Under Secretary […]

    Transcript: Is The Web Becoming Less Secure? – PBS News Hour

    Posted on December 12, 2010 at 2:13 pm

    In the wake of the Gawker Media hacking over the weekend, Jeffrey Brown gets a wider perspective about the vulnerability of online information and the danger of further cyberattacks from James Lewis of the Center for Strategic and International Studies and Larry Clinton of the Internet Security Alliance. To view the video of this exchange, […]