October 05, 2023
Introduction by Larry Clinton As we explained in previous blogs (LINK), cybercrime is at an all-time high – and there are no signs that it is slowing down. Economic losses from cybercrime are estimated to be as much as $2 trillion annually—and increasing to as much as $10.5 trillion by 2025 – 10 trillion is […]
May 11, 2023
An analysis of the proposal to create a national, virtual, cybersecurity academy shows that creating the academy would not only solve the federal government’s cybersecurity workforce problem in less than 4 years but would create savings that allows the program to pay for itself – and even contribute to reducing the federal budget deficit. The […]
April 09, 2023
Dear Congressional Members of the House and Senate Appropriations Committees: We are writing to urge the House and Senate Appropriations Committees in the fiscal year (FY) 2024 appropriations bill to include $200 million for the Department of Defense Cyber and Digital Service Academy (the Academy) that was authorized in the FY 2023 National Defense Authorization […]
March 31, 2023
A Review of Fixing American Cybersecurity, Edited by Larry Clinton and Foreword by Kiersten Todt This entry was posted in Book ReviewCybersecurity on March 30, 2023 by Steven Bowcut In an era of growing cyber threats and increasing data breaches, the need for robust cybersecurity measures has never been greater. Against this backdrop, Larry Clinton’s new book, “Fixing American Cybersecurity: Creating […]
March 30, 2023
Writing in the February edition of Foreign Affairs CISA Director Jen Easterly called for “a new model” for cybersecurity. A month later President Biden released a new national strategy for cybersecurity which he said would “realign incentives in favor of long-term investment. When releasing the new strategy acting WH Director for Cybersecurity Kemba Waldon said, […]
March 27, 2023
The Biden Administration’s new National Cybersecurity Strategy is an important first step toward improving our nation’s cybersecurity. This strategy, unlike the numerous others that have been unveiled over the past 20 years, adopts ISA’s core argument that we cannot create a sustainably secure cyber system until we rebalance the incentives for cyber-attacks. ISA is not […]
March 15, 2023
The traditional regulatory model – when applied to cybersecurity – is actually anti-security. For all the discussion around the Biden Administration’s new cyber strategy generating new regulations, this one simple fact remains. There is no evidence the cyber regs are working. The real question is not so much how much new regulations there ought to […]
March 13, 2023
By Charlie Mitchell / March 13, 2023 Federal agencies should be required to clarify that proposed cybersecurity rules are not “duplicative or in conflict with existing regulations,” according to a key industry player on cyber, an idea embraced by former White House cyber coordinator Michael Daniel as a way to deliver on regulatory streamlining under President […]
March 06, 2023
The new National Cybersecurity Strategy released last week calls for intensified federal regulation on IT providers, while presumably shifting regulatory focus away from technology users (we will see what the regulatory agencies and the SEC has to say about that last part). The strategy asserts “regulation can level the playing field enabling healthy competition without […]
March 03, 2023
There are probably various government agencies where regulators have already sharpened their virtual pencils preparing to write up some new regulations go along with the new National cybersecurity strategy released yesterday. Please put down your pens. That is not where implementation of the new strategy needs to begin. While much of the conversation about the […]
March 01, 2023
There is a is a common misconception that cybersecurity regulation has not been tried, and that, if only there was federal regulation of cyberspace, we would have a more secure environment. The facts don’t bear out this assertion. In our next two posts, we will first lay out the empirical evidence that cyber regulation does […]
February 27, 2023
Spoiler alert: It’s both. However, virtually all of our efforts to address our cybersecurity problems have focused on the tech side and virtually none on the underlying economics of cybersecurity. This has led to an unbalanced and ineffective government response in “providing for the common defense” in the cyber infrastructure. In their classic work, The […]
February 24, 2023
US cybersecurity policies have been inadequate for decades and need to be updated to counter the heightened digital and physical risks the nation faces from our adversaries today. The US cybersecurity effort over the past thirty years largely comes down to a series of modest, disjointed, incremental tactics. On the other hand, one significant rival, […]
February 23, 2023
The review (pasted below) is also available at AUTHOR Q&A: China’s spy balloons reflect a cyber warfare strategy America must counter https://www.lastwatchdog.com/ By Byron V. Acohido The attack surface of company networks is as expansive and porous as ever. Related: Preparing for ‘quantum’ hacks That being so, a new book, Fixing American Cybersecurity, could be a long […]
February 22, 2023
In a series of posts over the past couple weeks (LINKS), we have documented how China has been successfully carrying out a concerted and multi-faceted digital program designed to re-make the post-WWII world order and redirect it toward China. The Chinese campaign is well conceived, integrated, generously supported, and largely covert, which is consistent with […]
February 20, 2023
In recent posts, we have described how over the last 30 years China has smartly leveraged the vulnerabilities of the digital age to steal Western technology and, in so doing, leap-frog generations of R&D to become a world economic power. Not satisfied with their renaissance as an economic power, China leveraged massive government financial support […]
February 13, 2023
In our last post we documented how Huawei technology, thanks to massive cross-subsidization from the Chinese government, was succeeding in deploying its telecommunications network around the world. That is a story that is fairly well known in Washington policy circles. However, Huawei is by no means the only technology threat China poses though its comprehensive […]
February 10, 2023
China’s Digital Silk Road Strategy integrates technology, economics, and politics with the long-term goal of altering the post-World War II US- European world order. An assessment of China’s three wars strategy by the U.S. Department of Defense found that the CCP’s goals were to reclaim global status over the United States by weakening our alliances […]
February 08, 2023
Last week, Foreign Affairs magazine published an article written by CISA Director Jen Easterly and Asst. Director Eric Goldstein entitled “Why Companies Must Build Security into Products.” The central thesis of their article is we need a “new model” for cyber security because what we have been doing isn’t working. This is precisely the messaging […]
January 31, 2023
By Charlie Mitchell / January 31, 2023 CISA chief of staff Kiersten Todt provides the foreword to a new book on cybersecurity strategy by Internet Security Alliance leader Larry Clinton, saying a focus on economic incentives for industry cyber improvements is an essential part of a “a strong, actionable approach to industry/government collaboration.” “We need bold action […]
January 03, 2023
ISA’s Mission is to integrate advanced technology with economics and public policy to promote sustainably secure cyber system. The ISA board, consistits of cyber leaders (typically CISO) from virtually every critical industry sector. Over 20 years ISA has created a comprehensive theory and practice for cybersecurity covering both enterprise risk managment and government policy. ISA’s […]
November 17, 2022
Major Findings · The Cyber Risk Principles developed by the ISA, NACD and the World Economic Forum help drive cyber resilience across industries. · Simulation-aided research from MIT CAMS shows that commitment to and adoption of the Cyber Risk Principles significantly improves cyber resilience. · Results also show that, commitment to these cyber risk principles […]
July 18, 2022
PREMISE ONE: CYBERSECURITY IS A NATIONAL DEFENSE IMPERATIVE Just as World War II made it apparent that the skies were a unique domain of warfare resulting in the creation of the US Air Force Academy in the 1950s, so, too, have recent events made it clear beyond doubt that cyberspace is now a unique domain […]
May 31, 2022
EXECUTIVE SUMMARY In our last post we made the case for a national, virtual, cybersecurity academy. In this post we will discuss the key points of our proposal and in our next post we will discuss the advantages of our proposal which we suggest as the only practical way for the USA to quickly, comprehensively, sustainably, […]
We need to stop talking about the issue of cybersecurity workforce development. We need to properly frame the issue an imperative for national defense digital mobilization. Just as World War II made it apparent that the skies were a unique domain of warfare resulting in the creation of the US Air Force Academy in […]
Our service academies – West Point, Annapolis the Airforce and Merchant Marine Academies are the ultimate public private partnership. Government offers private citizens high quality education at no cost, and in return the graduates are obliged to provide three years of service to the government, and many stay on well-past that obligation. The system has […]
August 31, 2021
By Sarina Krantzler, ISA Research Associate This post is the first of two blogs concerning China’s Digital Strategy. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If […]
April 09, 2021
Internet Security Alliance president Larry Clinton is adding his voice to those calling for including a robust cybersecurity program in upcoming infrastructure legislation expected to address expanded broadband access as well as services in other critical industries. “President Biden’s massive infrastructure proposal — dubbed infrastructure for the digital age — includes a wide variety of […]
Four months ago, the 22 sponsors of the Internet Security Alliance (ISA) launched an online campaign suggesting the need for the United States to rethink our approach to securing our cyber infrastructure. The theme seems to have growing resonance with both policymakers and the general cybersecurity community.
March 23, 2021
Members of Congress are moving toward a legislative push for mandatory cyber-incident reporting by critical infrastructure operators, while industry groups are beginning to shape their arguments against establishing such a regulatory requirement in response to the SolarWinds and Microsoft Exchange hacks. A source close to the House Homeland Security Committee told Inside Cybersecurity: “We’re in the […]
A trio of groups including the Internet Security Alliance has released a report offering “a cohesive, global, cross-border approach to cyber-risk governance” for corporate boards, with six principles that pull together consensus views developed by security and industry leaders in recent years. “Principles for Board Governance of Cyber Risk” was released today by ISA, the […]
March 18, 2021
Senators on the Homeland Security Committee took their turn probing the federal response to the SolarWinds hack at a hearing that featured CISA, OMB and FBI officials citing extensive interagency cooperation, while lawmakers pressed on the need for more high-level direction and for upgrading the government’s overall approach to cyber defense. “After the SolarWinds hack […]
February 16, 2021
The Pentagon’s Cybersecurity Maturity Model Certification program will fall short in securing the Defense Industrial Base because it fails to address underlying economic realities that limit how much small and mid-sized businesses can invest in cyber, according to the industry-based Internet Security Alliance. “However, it is sadly predictable that the CMMC, however much an improvement, […]
Cyber vulnerabilities in the retail sector, always a hot topic during the holidays, require an examination of underlying economics and incentives that could drive improvements in retailers’ cybersecurity, according to an Internet Security Alliance assessment that tracks with the group’s prescription for shoring up cyber across critical infrastructure. “The retail sector is one of the […]
Larry Clinton of the Internet Security Alliance says the massive SolarWinds hack highlights the need for a rethinking of cybersecurity policy that goes well beyond Cyberspace Solarium Commission recommendations folded into the national defense bill, while the Congressional Research Service has issued a paper saying “existing programs” were unlikely to have foiled the sophisticated infiltration […]
Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]
The U.S. homeland security and intelligence community in a statement today said the massive SolarWinds hack of federal and private-sector networks appears to be part of an intelligence gathering operation by a Russian “advanced persistent threat actor.” The U.S. government’s Cyber Unified Coordination Group, known as the UCG, “believes that, of the approximately 18,000 affected […]
The Cybersecurity and Infrastructure Agency has leaned into its role as industry’s risk advisor and partner in response to the SolarWinds hack, and industry sources say they are anxious to see this collaborative model preserved and extended under a Biden administration that might be inclined to more regulatory approaches to cybersecurity. Megan Brown, a partner […]
Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]
CISA’s National Risk Management Center is launching a multifaceted “risk reduction venture” to help organize efforts around analyzing, measuring and providing tools to address cybersecurity risks faced by critical infrastructure. “Using enterprise risk management best practices will be a focus for CISA in 2021, and today the National Risk Management Center (NRMC) is launching a […]
The federal government lacks the expertise to mandate effective cybersecurity requirements for industry, according to Internet Security Alliance leader Larry Clinton, who says failures to secure the government’s own systems reveal the need for a major readjustment in thinking about cyber policy. “[W]e can add government to the list of sectors that are highly regulated […]
Internet Security Alliance president Larry Clinton hopes to ensure cybersecurity funding is included in the COVID-19 relief measure about to begin moving in Congress, saying economic recovery from the pandemic is impossible “unless the core systems of the economy — which in the 21st century are cyber — also recover.” “Just as to recover physically […]
Major trade groups representing the technology and other sectors are urging lawmakers to preserve $9 billion in proposed funding for IT modernization in the COVID-19 package now beginning to work its way through Congress. “We write in support of President Biden’s call for robust funding to modernize and secure federal information technology (IT) and networks […]
Cyber regulation has generally created a “backward-looking” compliance approach to cybersecurity that is antithetical to actually improving security, according to the Internet Security Alliance’s Larry Clinton, who says effective risk-management alternatives are available. “To begin with, traditional compliance is essentially a backward-looking pass-fail issue,” Clinton wrote in a Thursday blog post. “Cybersecurity, on the other hand, […]
February 04, 2021
Sean Atkins is a PhD candidate in security studies and international relations. His research focuses on national defense in cyberspace and cyber statecraft. He is also an active-duty US Air Force officer whose service ranges from national cyber policy development to multiple counterinsurgency operations deployments. FALL 20/WINTER 21 : précis Student Feature : Sean Atkins The recent […]
January 26, 2021
The federal government lacks the expertise to mandate effective cybersecurity requirements for industry, according to Internet Security Alliance leader Larry Clinton, who says failures to secure the government’s own systems reveal the need for a major readjustment in thinking about cyber policy. “[W]e can add government to the list of sectors that are highly regulated […]
• The COVID-19 pandemic has opened more opportunities for cyberattacks. • Not enough board members understand the threat to their business. • The World Economic Forum, PwC, NACD and ISA are partnering to define key principles of good cybersecurity governance . In 2020, malevolent actors took advantage of the pandemic. The rush to digital-first arrangements […]
January 04, 2021
House and Senate cybersecurity leaders already are planning to examine the cause and effects of the SolarWinds hack, and touting new cyber tools supplied by the fiscal 2021 National Defense Authorization Act, while some cybersecurity professionals caution that these are preliminary steps on a long road toward effective risk management. New Senate Homeland Security Chairman […]
December 30, 2020
President-elect Biden should demonstrate his commitment to improving cybersecurity in the aftermath of SolarWinds by moving to close a “cyber investment gap” in which both U.S. industry and foreign adversaries are vastly outspending the United States government in key areas, according to Larry Clinton, head of the Internet Security Alliance. “With due respect, we might […]
November 20, 2020
The Internet Security Alliance wants to spark a dialogue in the cybersecurity community “around the idea that we need to re-examine the problem and do a lot more” to meet challenges in cyberspace that are gradually eroding the United States’ position as the world’s foremost economic, technological and military power. “We need to engage the […]
November 10, 2020
The Internet Security Alliance wants to spark a dialogue in the cybersecurity community “around the idea that we need to re-examine the problem and do a lot more” to meet challenges in cyberspace that are gradually eroding the United States’ position as the world’s foremost economic, technological and military power. “We need to engage the […]
| Internet Security Alliance launches ‘national dialogue’ on a critical new phase in cyber efforts
October 21, 2020
Even among those who have worked with him, Joe Biden is not known as a tech policy wonk. So, it’s not surprising that today, during a pandemic, cybersecurity doesn’t come near to the top of the list of topics Biden’s campaign is prioritizing for the sake of the election. Russia’s election meddling may get a […]
September 30, 2020
American business was largely unprepared to fend off cyber criminals before the virus hit; we are now immeasurably worse off. Metaphorically, we have gone from leaving the door ajar to cyber criminals before the pandemic to throwing the door wide open and laying out a welcome mat. One study found 91 percent of enterprises reported […]
July 06, 2020
In 1929 the vibrant US economy went through the greatest shock it had ever received when the stock market crashed. A frightened and bewildered Congress, flaying for answers, summoned the economic chieftains of the day to testify as to if they had manipulated the crisis. The venerable JP Morgan was called to task before the […]
June 11, 2020
Q&A: NIST’s new ‘Enterprise Risk Management’ guidelines push cyber risks to board level
May 27, 2020
You know what’s worse than trying to share cybersecurity information? Writing about it. Everyone has read over and over again about how important information sharing is for cybersecurity. The idea is certainly not new. It’s definitely not cool. It’s also hard. No one has completely nailed it even after talking about it for decades. Why […]
| ISA’s Larry Clinton criticizes Pentagon proposal for ‘intrusive’ access to contractor networks
April 28, 2020
The COVID-19 crisis reveals the inadequacy of the prevailing “operational” approach to cybersecurity and provides an opportunity for government and businesses alike to take cost-effective steps toward a cyber strategy rooted in risk management, says Larry Clinton, president of the Internet Security Alliance. That should include developing systems to track and prosecute cyber crime, establishing […]
April 27, 2020
The massive shift to work-at-home amid the COVID-19 crisis is leading to insecure work-arounds that emphasize functionality over security, while managers in many businesses lack training suitable to the current risk environment, according to the Internet Security Alliance in comments filed with the Department of Homeland Security. “Due to the near-immediate switch to unplanned online […]
April 23, 2020
The Defense Department is leading efforts to set mandatory cybersecurity baselines for industry, while the Federal Communications Commission has been on a deregulatory path, but both are playing influential roles in shaping the U.S. government’s relationship with the private sector and overall approach to cybersecurity that have been on display in recent days. In one […]
March 16, 2020
By Larry Clinton I’m not saying cybersecurity and the coronavirus are exactly the same. The defining characteristic of the cyber threat is that we have conscious and deliberate actor’s carefully crafting attacks. The coronavirus has no conscience, no plan. At the same time, notwithstanding differences, these domains are both attacks on our cultures, and when […]
March 05, 2020
Henry Ford once said, “Coming together is a beginning, staying together is progress and working together is success.” While each one of us is different—visionary or pragmatist, builder or fixer, disruptor or peacemaker, mentor or non-conformist, comic relief or observer—bringing all our individual traits together results in a stronger, more diverse whole. This was the […]
| These Are The Big Takeaways From This Year’s RSA Conference 2020
February 27, 2020
The Internet Security Alliance has updated its “handbook” for corporate boards on managing cyber risks to reflect current threats and the latest “best practices.” “The effects of cyberattacks are expanding well beyond information loss or business disruption. They can have a severe impact on an organization’s reputation and brand through loss of consumer confidence,” said […]
| Internet Security Alliance updates 'handbook' for corporate boards on managing cyber risks
February 26, 2020
In an era when data breaches can lead to corporate losses and ruin brand reputations, cybersecurity is no longer just an IT issue, it’s a board-level issue The question of what corporate boards should be doing and how governments can help them was the topic of a session at the RSA Conference in San Francisco, […]
| #RSAC: How Corporate Boards Should Look at Cybersecurity Risk
February 24, 2020
The annual RSA security conference launches today in San Francisco under the shadow of a global health crisis, but with a roster chock-full of key cybersecurity players and high-profile panels addressing emerging cyber rules on 5G, supply-chain, privacy and more, and front-burner issues such as deterrence, investment and litigation. The theme of this year’s RSA […]
| CISA leaders, policy vets set for cyber conference with regs, deterrence and more on agenda
February 06, 2020
The cyber-security market will continue to attract venture capital even in uncertain economic times as the industry is largely “immune to downturn” and offers good returns on investment, say investors and industry experts. “VCs invest where they believe they could generate a return. The larger the return, the more likely they will be to invest […]
| Cyber security to attract more venture capital investment, say analysts
November 26, 2019
Bengaluru: Cyware Labs, a leading product-based cybersecurity company has recently been awarded as ‘Excellent Threat Intelligence Solutions’ at the recently held National Cyber Security Summit & Awards 2019 by Communication, Multimedia And Infrastructure (CMAI) Association of India. The awards were held to recognize organizations with the greatest achievements and contributions in the field of cybersecurity in […]
November 22, 2019
FOR IMMEDIATE RELEASE Contact: Larry Clinton President and CEO, Internet Security Alliance (202) 236-0001 lclinton@isalliance.org Delhi, India – In back-to-back presentations to the Indian National Cybersecurity Summit and the international Conference on Cyberlaw, Cybercrime and Cybersecurity today, Internet Security Alliance (ISA) President Larry Clinton announced the launch of a collaboration between several Indian-based trade groups and […]
November 19, 2019
The Cybersecurity and Infrastructure Security Agency’s “risk management” philosophy needs faster and deeper uptake throughout government, a key industry leader says, while developments over the past week underscored the breadth of CISA activities across issues and industries. And the House today is expected to approve a continuing resolution funding the Department of Homeland Security and […]
| Inside Cybersecurity: Agency gets praise for risk management; efforts advance along broad front
November 15, 2019
The federal government is gradually shifting to a “risk management” approach to cyber — epitomized by the creation of CISA and its National Risk Management Center last year — but that effort lags behind the private-sector’s embrace of “sophisticated” tools and must accelerate rapidly, says Larry Clinton, head of the industry-based Internet Security Alliance. “We […]
November 11, 2019
A key private-sector leader is criticizing an initiative aimed at securing the Defense Industrial Base as “over-regulation” while advocating incentives, over liability, for filling gaps between private and public assessments of cybersecurity risks. “The regulation is actually not improving our security, in fact it is anti-security because it is driving away some of our better […]
May 29, 2019
The Internet Security Alliance has announced plans to develop a “handbook” on managing cybersecurity risks for European corporate boards of directors, building on similar efforts across the Atlantic. “This week the board of directors of the European Confederation of Directors Associations (ecoDa) agreed to work with the Internet Security Alliance (ISA) on a European adaptation […]
| Internet Security Alliance developing cyber handbook for European corporate boards
May 17, 2019
The industry-based Internet Security Alliance is pressing the White House to issue a presidential order to streamline regulatory requirements for cybersecurity, hoping to build on recent Trump administration initiatives. “The White House has been increasing its focus on cybersecurity including by issuing the recent executive order on America’s cybersecurity workforce, which recognized that the nation […]
| Internet Security Alliance calls on White House to 'harmonize' cyber regulations
September 21, 2018
A new cyber security event is bringing companies such as Microsoft, Siemens and Kaspersky Lab together to discuss the opportunities and drawbacks of new technologies. Command Control kicked off in Munich, Germany, on the 20th of September, with discussions on cyber security as a social phenomenon, and understanding and managing human risk. Messe Munich CEO […]
| New cyber security event in Germany discusses pros and cons of emerging technology
September 05, 2018
Two leading cybersecurity professionals — one whose firm offers cyber products, the other a high-profile industry advocate for cyber strategies grounded in economics — cited extensive security developments in the private sector in the year since the Equifax hack, amid slow, often imperceptible responses from federal policymakers. The Equifax hack, affecting 150 million Americans, was […]
August 15, 2018
Department of Homeland Security official at Def Con last week highlighted the increasing interconnectedness of critical industries and the challenge for government in protecting private enterprises from foreign cyber attacks — issues being cited by the Internet Security Alliance in renewing its longstanding call for “incentivizing” cybersecurity investments. “Digitization has changed everything. It literally is […]
July 27, 2018
A coalition of almost two dozen industry groups led by the U.S. Chamber of Commerce is urging the Senate to pass a bill renaming and reorganizing the Department of Homeland Security’s cyber-focused National Protection and Programs Directorate, which has been stalled in the Senate for months. In a letter to Majority Leader Mitch McConnell (R-KY) […]
| U.S. Chamber of Commerce, industry groups urge Senate passage of DHS cyber agency bill
July 19, 2018
Department of Homeland Security officials have engaged in extensive policy discussions with the private sector leading up to the July 31 cybersecurity summit in New York City, according to industry leaders, who expect the event to underscore DHS’ commitment to cyber risk-management and collaboration. Internet Security Alliance president Larry Clinton characterized the recent engagement as […]
July 18, 2018
The Department of Homeland Security today formally announced its July 31 cybersecurity summit in New York City, calling it “a launching point for a number of DHS initiatives to advance cybersecurity and critical infrastructure risk management.” “The Department of Homeland Security will host a National Cybersecurity Summit on July 31, 2018 at the Alexander Hamilton […]
June 26, 2018
The Department of Homeland Security’s planned July 31 cybersecurity summit in New York City offers a chance for the agency to underscore its central role on cyber policy. It could also give Secretary Kirstjen Nielsen a badly needed win in her strongest policy area, amid intense criticism of her role in controversial immigration efforts. Nielsen […]
June 18, 2018
The Department of Homeland Security’s planned July 31 cybersecurity summit in New York City offers a chance for DHS to underscore both its central role on federal cyber policy and its bonds with the private sector, but private-sector sources are pressing for more details — quickly — as the event rapidly approaches. Coming just over […]
June 05, 2018
FOR IMMEDIATE RELEASE Larry Clinton President and CEO, Internet Security Alliance (202) 236-0001 lclinton@isalliance.org (WASHINGTON, D.C.) – The Internet Security Alliance (ISA) has organized, and this month will teach, a cybersecurity course at the University of Pennsylvania as part of the ABA Stonier Graduate School of Banking and Wharton School’s Executive Education Program. The […]
2018-01-18 Conference Board.v2" target="_blank">
January 23, 2018
2018-01-18 Conference Board.v2" target="_blank"> | January 18, 2018 Cybersecurity Summit - Conference Board (New York City)
July 06, 2017
ONE RUNS MARATHONS. Another writes young adult sci-fi. Still another embraces efforts to end homelessness, and a fourth splices in college teaching while managing an eight-country digital asset portfolio. All arrived at the C-suite by divergent paths. Yet in frank conversations about the future of the job and trends for the information security field, some […]
July 05, 2017
As company leaders have become better educated about the evolving nature of cyber threats, preparedness for addressing cyber risks has continued to improve. According to PwC’s The Global State of Information Security Survey 2017, 50% of organizations now share with and receive more actionable information from industry peers. Meanwhile, as corporate boards have become more […]
June 05, 2017
SC Media Reports: It’s been a topic of discussion for some time: Cyber threats are serious risks to enterprises and it is the responsibility of the boards to provide oversight. The problem, according to a new blog post written by Stacey Barrack, senior director of the Internet Security Alliance (ISA), is that most of the team […]
Chief Information Security Officers (CISOs) recognize that collaboration is key to cyber security resilience. Sharing best practices in intimate, executive roundtable working groups among peers on topics ranging from must have questions and strategies for the board of directors to securing connected devices and the Internet of Things (IoT) will be featured at the 2017 […]
June 01, 2017
The National Institute of Standards and Technology should focus on developing an “analytical tool” enabling entities to assess cyber threats on a monetized basis, according to the president of the Internet Security Alliance, as NIST continues probing the use of NIST cybersecurity framework metrics. “The next step in the evolution of the NIST CSF shouldn’t […]
May 24, 2017
The Donald Trump administration, in its proposed fiscal year 2018 budget, outlines steps it contends would strengthen the U.S. federal government’s information systems, even as it would cut some cybersecurity spending at specific agencies. At the heart of the budget for the fiscal year that begins Oct. 1 is a proposal to spend $1.5 billion […]
May 18, 2017
The House of Representatives has passed the Modernizing Government Technology Act, which supporters contend should help improve the security of the federal government’s information networks. The legislation passed May 17 on a voice vote and now goes to the Senate, where its prospects are uncertain. Should the bill become law, major agencies would create IT […]
May 15, 2017
HMG Strategy Reports: Taking a defensive approach to cybersecurity isn’t working for keeping the bad guys out. The volume and level of sophistication with cyber attacks has continued to rise dramatically. In 2016, one-third of all businesses globally were breached, according to PwC. And while millions of attacks are being launched on a daily basis, […]
May 06, 2017
The latest draft version of the Trump administration’s cybersecurity executive order is similar to the previous version and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Barack Obama White House, including modernizing federal IT. “That fact that they are focusing on IT modernization […]
May 01, 2017
The National Institute of Standards and Technology is diligently reviewing the nearly 130 comments from industry and other groups on a draft update to the framework of cybersecurity standards, as it prepares an analysis of that input in advance of a highly anticipated public meeting this month. That meeting will likely set the course and […]
April 26, 2017
Industry groups across sectors are raising concerns with various aspects of the National Institute of Standards and Technology’s approach to managing supply-chain risks in a proposed update to the voluntary framework of cybersecurity standards. Specifically, groups say the NIST plan fails to take into account the interconnectedness of vendor services and downplays the potential effect […]
April 24, 2017
Lawmakers return to Capitol Hill this week with a few cybersecurity items on the agenda for the upcoming legislative work period, while the most significant efforts in the coming months may be taking place at the White House and at the National Institute of Standards and Technology’s campus in suburban Maryland. “On the congressional front, […]
April 13, 2017
Business lobbying groups are pushing back on plans by federal scientists to add third-party measurement of cybersecurity to a voluntary framework designed to help private companies improve its defenses against hackers, cybercriminals and online spies. A draft proposed revision of the National Institute of Standards and Technology’s Cybersecurity Framework, to be known as version 1.1, […]
April 12, 2017
The Internet Security Alliance is calling for metrics that allow businesses to prioritize their cybersecurity efforts based on the National Institute of Standards and Technology cybersecurity framework, while stressing the need for NIST and other agencies to continue promoting the voluntary, public-private partnership approach to cybersecurity. The comments come in response to a request for […]
March 13, 2017
The government has suggested many ways to use metrics to measure the effectiveness of cybersecurity investments, but who should be using these measurement tools – and whether doing so should be required – remains open questions that will affect the scope and movement of these plans. Industry remains somewhat divided on the role of metrics, […]
March 08, 2017
The latest version of the draft of a cybersecurity executive order from the Donald Trump White House would direct the federal government to take a risk-based approach to IT security and hold cabinet secretaries and agency heads responsible for the security of their organizations’ IT assets. The draft executive order also would require federal agencies […]
March 02, 2017
Having the National Institute of Standards and Technology audit other federal agencies’ cybersecurity practices is not a matter of NIST “stepping up” its game, as House Science Chairman Lamar Smith (R-TX) said this week – rather it would be a matter of dramatically redefining NIST’s role and relationship with other federal entities. The Science panel’s […]
February 28, 2017
Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to demonstrate the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered – and likely amended – at a markup session of the House Science, Space and Technology Committee on March 1. The measure, known as the NIST Cybersecurity […]
February 24, 2017
Cyber risk management is an increasingly important challenge for organizations of all kinds and sizes. Corporate directors have a legal responsibility to ensure that their corporations have appropriate cyber risk management policies and practices and are prepared to respond effectively to cyber incidents. Corporate directors can obtain helpful guidance from regulators, industry associations and other […]
February 17, 2017
One of the most important jobs of the board is to challenge management and test their assumptions about strategy, the competitive environment, and associated risks and opportunities. Many directors would say that they are most passionate about this part of their role, and in today’s business environment it has never been more critical. Cybersecurity is […]
January 18, 2017
The number of people employed in the United States as information security analysts reached a record high in 2016, according to uncirculated employment data provided by the U.S. Labor Department’s Bureau of Labor Statistics. Based on the same household survey used to determine the monthly unemployment rate, BLS reports that 89,000 individuals last year were […]
January 13, 2017
The updated “Cyber-Risk Oversight” handbook for corporate directors released Thursday examines new legal and regulatory requirements and challenges faced by business, as well as the evolving and growing threat of cyber attacks. “The legal and regulatory landscape with respect to cybersecurity, including required disclosures, privacy and data protection, information-sharing, infrastructure protection, and more, is complex […]
January 12, 2017
The server room might be an obvious choice for a starting point when it comes to protecting your company’s cyber networks, but the National Association of Corporate Directors says the best place to begin is in the board room. The newest edition of the NACD’s Cyber-Risk Oversight handbook, released Jan. 12, advises private sector managers […]
If you’re a federal cyber official, the advice in a newly revised handbook on corporate cybersecurity might sound familiar. The new National Association of Corporate Directors’ cybersecurity handbook says cybersecurity is a risk management issue, not an IT matter. The language echoes what top federal agency IT managers and cybersecurity officials have been saying about […]
January 10, 2017
Last week’s U.S. intelligence report tracing Russia’s cyber-meddling with the 2016 presidential election is a timely reminder of the cybersecurity risks that the government and private companies face, said Tom Ridge, the nation’s first secretary of Homeland Security. “President-elect Trump is entering into a world fraught with hazards as never before,” Ridge said in a […]
October 19, 2016
ISA RECEIVES NATIONAL AWARD FOR CYBER SECURITY LEADERSHIP – SC Magazine – Editor’s Choice Award for Outstanding Leadership in Cyber Security” as RSA Conference
April 18, 2016
Public News Service Reports: Officials from the FBI and the Justice Department held a roundtable recently at Iowa State University, emphasizing the seriousness of cyber attacks for a surprising target – the agriculture industry. It’s a subject familiar to Larry Clinton, president of Internet Security Alliance, an information security think tank. He says many of […]
March 02, 2016
PRESS RELEASE March 1, 2016 – Washington, DC TRUMP THE LEADING dEMOCRATIC CANDIDATE That’s democratic with a small d. The most under-reported story of Super Tuesday is certainly not that Donald Trump has seized hold of the GOP nominating process or the Party’s internal revolt — that story has been beaten to death. It is […]
February 22, 2016
PR Newswire Reports: The ‘Digital Equilibrium Project’ works to bring differing views together in pursuit of a digital constitution to support a safer world for individuals, organizations and nations. Cybersecurity, government and privacy experts are banding together as part of The ‘Digital Equilibrium Project’ to foster a new, productive dialogue on balancing security and privacy […]
February 09, 2016
Bank Info Security Reports: President Obama is creating the position of federal chief information security officer as part of a multifaceted initiative aimed at strengthening the nation’s IT security. Related steps include the formation of a public-private Commission on Enhancing National Cybersecurity, as well as a proposal to boost government cybersecurity spending next fiscal year […]
January 12, 2016
GCN Reports: Agency IT managers who believe they do not have the resources to adequately fight cybersecurity threats got some backing from industry experts who voiced the same concerns to Congress. At a Jan. 8 hearing held by two subcommittees of the House Science, Space and Technology Committee, Larry Clinton, president and CEO of the […]
January 08, 2016
Politico Reports: Here’s the cybersecurity three-step the federal government should be doing: Spend more on cyber, implement tougher cybersecurity policies and demand that senior officials pay more attention to the issue. Those are the first three of 10 recommendations Larry Clinton, president of the Internet Security Alliance, an industry group, plans to share with two […]
The Daily Caller Reports: The federal government is falling behind in a “cyber arms race,” putting millions of taxpayers’ personal information at risk, digital security experts told a joint hearing of two congressional subcommittees Friday. Hackers ranging from hacktivists to state-sponsored attackers will continue threatening the federal government’s digital networks to steal personal information and state […]
December 17, 2015
GovInfoSecurity Reports: After years of failing to enact cyberthreat information-sharing legislation, Congress is poised to vote on a measure this week that would incentivize businesses to voluntarily share threat data with the federal government and with one another. The legislation, added to a 2,009-page omnibus $1.1 trillion spending bill, also would establish a process for […]
December 10, 2015
Inside Cybersecurity Reports: A new study by Internet Security Alliance president Larry Clinton outlines 10 best practices for government-industry partnerships on cybersecurity, ISA announced Wednesday. The new study highlights work from a research program led by Clinton and the Department of Homeland Security and lays out best practices endorsed by the Partnership for Critical Infrastructure […]
December 07, 2015
Washington Examiner Reports: The National Institute of Standards and Technology is launching a new initiative designed to energize industry-led efforts on cybersecurity amid concerns that federal and state regulators are increasingly eager to put their stamp on the issue. NIST, the highly esteemed agency headquartered in Gaithersburg, Md., is releasing a “request for information” about […]
SC Magazine Reports: As 2015 nears an end, the industry-led, standards-driven strategy on cybersecurity remains a potent policy force, while signs – and fears – of a more prescriptive regulatory approach pop up across the cyber landscape. The National Institute of Standards and Technology is pursuing ways of keeping the voluntary approach vibrant and viable, […]
December 03, 2015
Inside Cybersecurity Reports: Financial sector representatives are looking to an upcoming “request for information” on the federal framework of cybersecurity standards as a way to revitalize the voluntary, industry-led approach to cyber – and to head off conflicting regulatory moves. The National Institute of Standards and Technology is expected in the coming days to release […]
December 02, 2015
Inside Cybersecurity Reports: Incomplete efforts to implement President Obama’s “visionary” 2013 executive order on cybersecurity have created a policy vacuum that some federal and state officials are moving to fill with regulations, according to Internet Security Alliance president Larry Clinton. Representatives from 27 industry groups attended a meeting on Monday with officials from the National […]
November 18, 2015
BusinessInsurance.com Reports: Passage of long-awaited cyber security legislation will be a limited but still-useful tool that encourages businesses and the government to share data by providing liability protection. However, experts are divided on the legislation’s ultimate effect on rates for cyber insurance. In a 74-21 vote in late October, the U.S. Senate approved The Cybersecurity […]
October 08, 2015
Inside Cybersecurity Reports: A federal report that proposes hacked companies share specific kinds of cyber incident data in a private-sector repository to help expand the nascent insurance market is drawing early praise from industry stakeholders tracking the development of cybersecurity information-sharing standards. The assessment – produced by a Department of Homeland Security advisory panel and […]
October 01, 2015
SC Magazine Reports: Appetites for more: Government actions (10.1.2015) Cybersecurity is a technical challenge. But it also usually has a legal and regulatory aspect as well. Obviously, there is the legal framework under which organizations operate and under which cybercrimes are defined and, sometimes, prosecuted. Then, of course there are the complex interactions between government […]
em>SC Magazine Reports: Had the recently departed filmmaker Wes Craven lived just a few years longer, the Internet of Things (IoT) might have provided him with the perfect fodder for one of his horror classics. After all, it has all the the potential to be the stuff that nightmares – or an episode of Phineas […]
September 04, 2015
Inside Cybersecurity Reports: The Department of Homeland Security is earning praise for its decision to select a university as the standards-setting body for new cyber information-sharing entities, as some stakeholders say the function can best be delivered in a research and academic setting. But other stakeholders from industry groups and the info-sharing community said they […]
August 10, 2015
Inside Cybersecurity Reports: President Obama’s push to broaden the sharing of cyber threat data both within the private sector and between government and industry by urging companies and industries to establish new cybersecurity information-sharing hubs will soon reach a pivotal decision point when the Department of Homeland Security awards a key federal grant….SOURCE
July 27, 2015
Inside Cybersecurity Reports: The Department of Homeland Security will convene a workshop in Silicon Valley this week to make headway on implementing President Obama’s executive order on improving the exchange of cyber threat data between government and industry, an effort that faces significant obstacles but has captured the interest of key private-sector stakeholders. The July […]
July 21, 2015
Dark Reading Reports: The Internet Security Alliance (ISA) is proud to announce that it’s President and CEO, Larry Clinton, has been named to the “Corporate 100” which identifies the nation’s 100 most influential people in the field of corporate governance. Joining Clinton on the list are a wide range of luminaries including the 5 current […]
July 03, 2015
Today.US Reports: In the wake of a number of recent high-profile, damaging cyberattacks—including the recent breach of the Office of Personnel Management, which compromised the sensitive information of millions of federal employees—executives and board members are gradually becoming aware of today’s cyber threats and the potentially devastating impact these can have on their organizations. However, […]
June 21, 2015
MiBiz Reports: Manufacturing executives in West Michigan and nationwide worry that their computer networks could fall victim to security breaches similar to those that have plagued the retail sector in recent months. As industry extends its global reach and has come to rely more on digital data, cyber criminals have likewise become more innovative, adopting […]
June 12, 2014
As the issue of cyber security grows increasingly more salient, ISA has been featured in a number of high-profile print and television appearances over the past several years. Topics of discussion have ranged from hot-button issues of the day to long-standing policy implications. Some of these media appearances include USA Today, the PBS News […]
May 08, 2012
By Tom Gjelten (National Public Radio (NPR) – Morning Edition) Business executives and national security leaders are of one mind over the need to improve the security of the computers that control the U.S. power grid, the financial system, water treatment facilities and other elements of critical U.S. infrastructure. But they divide over the question of […]
May 02, 2012
By Rick Kam For all of its benefits, cloud computing poses very real dangers to covered entities responsible for safeguarding protected health information (PHI). The cloud model, which the IT industry has been embracing for its up-front cost savings and efficiencies for years now, is more recently being recognized by the healthcare realm for its potential […]
April 27, 2012
The Cyber Intelligence Sharing and Protection Act, which has been revised several times over the past week, allows the government and private companies to share information with one another with the aim of warding off cyber threats.
By David Goldman (CNN) NEW YORK (CNNMoney) — The House of Representatives, as expected, approved a controversial cybersecurity bill late Thursday, staring down a veto threat. But the fight to protect the United States from a cataclysmic cyber attack is far from over. The Cyber Intelligence Sharing and Protection Act, which has been revised several times over the past week, […]
April 17, 2012
By Andrew Feinberg (The Hill) As Congress turns its focus to cybersecurity matters, 26 major business and trade associations are seeking to remind lawmakers that cyberspace is “a bulwark of the global economy.” The group sent a letter Tuesday to House Speaker John Boehner (R-Ohio) and Minority Leader Nancy Pelosi (D-Calif.) urging action to protect “the […]
April 16, 2012
Rise of cyber-attacks on critical infrastructure on both sides of Atlantic calls for creation of cyberweapons and new rules for use
Rise of cyber-attacks on critical infrastructure on both sides of Atlantic calls for creation of cyberweapons and new rules for use By Nick Hopkins (The Guardian) Jonathan Millican is a first-year university student from Harrogate in North Yorkshire. He says he doesn’t think of himself as a “stereotypical geek”, but having been crowned champion in […]
April 05, 2012
A report says cyber criminals are seeking what they consider easy targets. By Pamela Lewis Dolan Small organizations, including physician practices, represented the largest number of data breaches in 2011, according to Verizon’s annual Data Breach Investigations Report. The report examined 855 breaches across the globe that accounted for 174 million compromised records in 2011. […]
March 23, 2012
DEBRIEFING THE PHI REPORT: DETERMINING THE TRUE COST OF A DATA BREACH By Jenny Laurello This week I had the chance to listen to a webinar highlighting the recently released report on The Financial Impact of Breached Protected Health Information. Released on March 5, the “PHI Report” has already been downloaded by more than 1,700 users, with its goal being […]
March 21, 2012
NEW YORK, — On Wednesday, March 21, 2012, at 2:00 p.m. ET, the American National Standards Institute (ANSI), The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) will host a free webinar to help health care organizations assess security risks and help them build a business case to better […]
March 19, 2012
By Gerry Smith (Huffington Post) WASHINGTON — It is a scenario that many officials in Washington say keeps them awake at night: a cyberattack against critical infrastructure. Many lawmakers believe the nation’s vital computer networks are vulnerable to such an event, which they say could lead to the collapse of the banking system, sustained blackouts or […]
By Integracon The Department of Health and Human Services is fining BlueCross BlueShield of Tennessee $1.5 million for the 2009 loss of 57 hard drives that contained unencrypted protected health information (PHI). In addition to the fine, the agency must submit to a 450-day corrective action plan.[1] In 2009, 57 hard drives were stolen from […]
The American National Standards Institute has released a report emphasizing the business incentives for healthcare providers to improve their IT security, and the potential costs of failures to increase security protocols. The report notes that the healthcare industry’s move toward fully adopting electronic health records increases the opportunities for protected health information (PHI) to be […]
Experts say PHI protectors can’t pay for data protection because they don’t know how to make the business case for it. As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent with increased deployment of electronic health records […]
March 16, 2012
The American National Standards Institute (ANSI) has released a report on protected health information (PHI) security, namely, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, which offers a novel means of evaluating PHI at risk. The report would enable healthcare providers to conceive a business case for the investment […]
March 15, 2012
Compliance in many organizations is seen as only a costly inconvenience By Glenn S. Phillips Sometimes clarity comes out of the blue, including clarity about compliance issues. Recently I was meeting with friend and business associate Ben Drake. His company works with networking and data protection technology for a number of businesses. I mentioned how some organizations […]
March 14, 2012
Clearwater Compliance, a prominent HIPAA-HITECH compliance consultancy and software provider, announced today another upcoming free webinar entitled “How to Calculate the Cost of a Data Breach and What to Do About It.” Based on the new report recently published by ANSI and co-sponsored by Clearwater entitled “The Financial Impact of Breached Protected Health Information: A […]
By Michelle McNickle With groups recently banding together to demand a tightening of security for protected health information, looking at the financial side of a breach has been put front and center. But according to Rick Kam, president and cofounder of ID Experts, there’s an aspect of protecting PHI that’s “not getting picked up,” and is […]
Blue Cross Blue Shield of Tennessee agrees to pay $1.5 million to settle case involving theft of 57 unencrypted hard drives that contained protected health information. By Nicole Lewis Blue Cross Blue Shield of Tennessee (BCBST) will have to fork over $1.5 million to the U.S. Department of Health and Human Services (HHS) to settle potential […]
March 13, 2012
By Ron Shinkman Although hospital operators know that a data breach can lead to significant consequences–lawsuits, loss of business and reputation–a new report by the American National Standards Institute (ANSI) can help them place a specific price tag on such mishaps. The report released last week includes a section on what it refers to as “PHIve”–a five-step process […]
March 12, 2012
By Michelle McNickle The risk of protected health information being breached has grown dramatically within the past few years, and to combat the threat, the HIPAA Security Rule was created to provide organizations with administrative, physical, and technical guidelines to safeguard their electronic PHI. “The guidelines underscore a higher goal of the HIPAA Security Rule: helping […]
March 09, 2012
By Risk Management Magazine The Information Age. The Digital Age. The Computer Age. Whichever name you use, we’re in an era where many companies’ most valuable asset is information, from consumer buying habits to patient diagnoses to scientific data. At the same time, this asset also comes with a burden: companies are responsible for safeguarding the […]
By Jack Anderson CEO Compliance Helper Here is a quote from Rebecca Herold, CIPP, CISSP, CISM, FLMI, in the February 2010 edition of Compliance Today: “CEs are now accountable for more active validation of BA security and privacy program compliance, beyond just having a BA contract in place. It is more important than ever for […]
DATA BREACHES PUT PATIENTS AT RISK FOR IDENTITY THEFT By: Robin Erb DETROIT – Walk into a doctor’s office and chances are that some of your most private information — from your Social Security number to the details of your last cervical exam and your family’s cancer history — is stored electronically. Your doctor might […]
Report is a call to action for healthcare to invest more to protect patient information To view the original article please click here. By Don Bailey Washington, DC, March 5, 2012: With the release today of The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, health care organizations now have […]
By Dissent Nick Budnick reports: A Northwest Portland psychiatrist is putting out public notice that personal information of 480 current and former patients on a laptop was stolen from his office. A burglar broke into Dr. David Turner’s office last October, stealing the laptop and other items. Turner is now seeking current and former patients to […]
By Steve Campbell With the release of the recent The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, health care organizations now have a new method to evaluate the “at risk” value of protected health information (PHI) that will enable them to make a business case for appropriate investments to better […]
March 08, 2012
To view the original article please click here. By Brian Eastwood Since 2009, the number of Americans affected by data breaches caused by lax protection of health information (PHI) security stands at more than 19 million — roughly the population of the state of Florida.
By Ericka Chickowski As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent with increased deployment of electronic health records (EHRs) without enough financial backing to get the job done. And the only way that these PHI protectors can […]
PHI PROJECT RELEASE REPORT ABOUT HEALTH CARE DATA SECURITY On Monday, the PHI Project released a report about the state of data security within health care organizations titled, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.” Key findings: Weak Data Security: health care organizations are entrusted with safeguarding patient privacy, […]
March 07, 2012
By Abraham To view the original article please click here. No it is not your imagination. Security breaches are on the rise, particularly in healthcare. This is due to the fact that modern techniques are making more healthcare records available in electronic format. While this does wonders for efficiency and potential more accurate diagnosis and faster treatment […]
By AuntMinnie.com Staff Writers The Identity Theft Prevention and Identity Management Standards Panel of the American National Standards Institute (ANSI) has published a 67-page report about the need for healthcare organizations to protect patient information from data breaches. The “Financial Impact of Breached Health Information” discusses the financial, legal, operational, clinical, and other repercussions of […]
Experts say PHI protectors can’t pay for data protection because they don’t know how to make the business case for it By Ericka Chickowski, Contributing Writer, Dark Reading As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent […]
New Method for Quantifying Breach Costs, Justifying Spending By Howard Anderson Because winning the support of CEOs for any new project requires demonstrating a return on investment, information security professionals need to more precisely quantify the potential payoff of their suggested spending on technologies and training, according to a new report. Security specialists need help “putting […]
March 06, 2012
By Thor Olavsrud Given that stolen medical records can bring $50 apiece on the underground market, the frequency and magnitude of data breaches involving electronic health records is increasing. In an effort to help CIOs and CSOs build a better business case for enhancing security, a group of standards and security organizations have issued a new […]
To view the original article please click here. As adoption rates rise, health IT makes protected health information (PHI) available to more organizations and entities, increasing the likelihood of data being improperly disclosed, lost or stolen. Despite the risks and costs of a potential data breach, many healthcare executives aren’t doing enough to support their organizations’ […]
By Renee Boucher Ferguson A comprehensive new report released this week, outlines the fragile state of patient information security, offering up a five-step methodology to help healthcare CIOs and CEOs determine the right level of investment in technology, processes and policy to better protect patient information. In the report, three organizations–the American National Standards Institute (ANSI), The Santa […]
5-Step Method Provides Health Care Organizations with Tool to Estimate the Overall Potential Costs of a Data Breach To view the original article please click here. ANSI, The Santa Fe Group/Shared Assessments Program Healthcare Working Group,and the Internet Security Alliance to Host Congressional Briefing Today; White House Cybersecurity Coordinator Howard Schmidt to Speak at Press Conference […]
By Kris The U.S. government is encouraging healthcare organisations to utilise electronic healthcare records. However this will mean much more is required to be spent on Cyber Security. As “no organisation can afford to ignore the potential consequences of a data breach,” according to the American National Standards Institute. To view the original article please click here. […]
By Thor Olavsrud Given that stolen medical records can bring $50 apiece on the underground market, the frequency and magnitude of data breaches involving electronic health records is increasing. In an effort to help CIOs and CSOs build a better business case for enhancing security, a group of standards and security organizations have issued a new […]
By: Simply Security Outside attacks were most responsible for data breaches in 2011. To view the original article please click here. Verizon Business recently released some of the results of its 2012 Data Breach Investigations Report, which took into account around 90 of the 855 global breaches the company tracked last year. Among the most glaring results […]
March 05, 2012
How much should a company handling Protected Health Information (PHI)[1]spend to protect itself from a data breach? Businesses typically use quantitative methods such as Net Present Value, Internal Rate of Return and Payback Period to make investment decisions. But investments to prevent breaches of PHI have until now relied on compliance arguments and subjective judgments. […]
By Aliya Sternstein Faced with the reality that health care data breach legislation is unlikely to emerge, the American National Standards Institute on Monday set forth a financial reason for providers to protect their patients’ online privacy. To view the original article please click here. The cost of patient data losses during the past year ranged between […]
By Chris Strohm WASHINGTON — Insufficient funding and lack of executive support are mainly responsible for security breaches involving patients’ electronic health records, a study found. Executives at health-care companies and providers must improve cost assessments to include payments from class-action lawsuits, said the report released Monday by the nonprofit American National Standards Institute. Its members […]
By Kathleen Roney The American National Standards Institute, The Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance have announced a collaborative report which provides information for healthcare organizations to better understand and limit data breach risks and liabilities. To view the original article please click here. According to the report, healthcare organizations […]
By Brian T. Horowitz As the Obama administration provides incentives for meaningful use of electronic health records (EHRs), efforts by the health care industry to secure patient data, or protected health information (PHI), have lagged behind, according to a new report by the PHI Project, an initiative of 100 health care leaders, including providers and insurance companies, as well […]
Bernie Monegain, Editor To view the original article please click here. WASHINGTON – Several healthcare groups have joined together to demand a tightening of security for protected health information. And they’re making a financial case for it. With the release of “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” healthcare organizations […]
To view the original article please click here. Many health care organizations lack sufficient resources to adopt strong privacy and security protections for patient data, according to a report by a coalition of health care and data security groups, Modern Healthcare reports (Conn, Modern Healthcare, 3/5).About the ReportThe coalition includes the: American National Standards Institute; Internet Security Alliance; and Santa Fe […]
Puget Sound Business Journal by Emily Parkhurst , Staff Writer In an effort to encourage executives of health care companies to take the threat of cybersecurity breaches seriously, President Barack Obama’s Cybersecurity Coordinator Howard Schmidt on Monday announced a way for companies to evaluate the financial risk of data breach. “When it comes to cybersecurity, we […]
By John Pulley March 5, 2012 The time and money spent protecting personal health information from data breaches are well worth the investment, contends a new industry security report. The 67-page report, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” includes a five-step method that health care organizations can use […]
AND WAYS TO DEVELOP A BUSINESS CASE FOR ENHANCE PROTECTION OF THE INFORMATION. The free report is a collaborative effort of the American National Standards Institute, consultancy The Santa Fe Group, and the Internet Security Alliance, with input from more than 100 members of 70 organizations. The report offers up “PHIve,” a five-step method to […]
New report delves into the threats healthcare providers face for potential patient data breaches, and provides steps and tools to help assess those risks. By Marianne Kolbasuk McGee March 05, 2012 04:23 PM A new report outlines the financial costs of breaches of protected health data–and offers a five-step method for healthcare providers of any size […]
March 05, 2012 | Bernie Monegain, Contributing Editor Several healthcare groups have joined together to demand a tightening of security for protected health information. And they’re making a financial case for it. With the release of “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” healthcare organizations now have a new […]
March 05, 2012 | Michelle McNickle, New Media Producer To view the original article please click here. The recently released report, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” highlights the need for organizations to adopt a new method to evaluate the value of PHI, said the leaders of […]
March 04, 2012
By Chris Strohm – Mar 5, 2012 12:01 AM ET Insufficient funding and lack of executive support are mainly responsible for security breaches involving patients’ electronic health records, a study found. To view the original article please click here. Executives at health-care companies and providers must improve cost assessments to include payments from class-action lawsuits, said the […]
February 29, 2012
A March 5 news conference to unveil it will include Howard A. Schmidt, the White House cybersecurity coordinator, and Joe Bhatia, president and CEO of the American National Standards Institute. To view the original article please click here. Feb 29, 2012 Following the release of the new White House “Consumer Privacy Bill of Rights,” described as […]
February 14, 2012
By Chris Strohm (Bloomberg) To view the original article please click here. Feb. 8 (Bloomberg) — Tax breaks and liability protection may spur banking, energy and telecommunication companies to improve cybersecurity on their computer networks, the chairman of a House technology panel said. Representative Greg Walden, an Oregon Republican, said today he will consider taking up […]
February 10, 2012
By Jack Moore (Federal News Radio) Even as the House and Senate debate various proposals for cybersecurity legislation, the cyber environment is rapidly changing, one expert says. To view the original article please click here. Larry Clinton, the president of the Internet Security Alliance, testified before the House Energy and Commerce subcommittee Wednesday on the evolving cyber threat and […]
February 09, 2012
(Info Security) The US communications industry needs better information sharing, tax breaks, and liability protection from the federal government to improve cybersecurity, experts told a House panel on Wednesday. Entrust president and CEO Bill Conner highlighted the importance of public-private partnerships to share intelligence and inform the public. “The federal government needs to work more closely with […]
By Molly Bernhart Walker (FierceIT) Cybersecurity legislation is needed, agreed the panelists speaking Feb. 8 before the House Energy and Commerce subcommittee on communications and technology–but what that legislation should look like was a far more divisive issue. While the telecommunications industry is doing a good job of securing its infrastructure, other sectors need regulations […]
Technology industry representatives — looking to prevent an additional set of compliance requirements — urge House subcommittee to avoid new cybersecurity regulations to shore up the nation’s digital defenses. By Kenneth Corbin (CIO) WASHINGTON — Cybersecurity experts on Wednesday warned members of a House subcommittee against racing to legislation that would establish an overly burdensome […]
Jettisoning Old Ideas about Securing Vital IT Networks By Eric Chabrow (Gov Info Security) The concept of time supported contrary views on the need for more stringent government regulations to protect the nation’s critical information infrastructure. For Larry Clinton, chief executive of the industry lobbying group Internet Security Alliance, regulation is so last century and other factors […]
February 08, 2012
CONNER SPEAKS DURING CONGRESSIONAL SUBCOMMITTEE HEARING Entrust executive provides insight into cybersecurity attacks targeting vulnerable small businesses, enterprises via the Internet DALLAS, Feb. 8, 2012 /PRNewswire/ — Entrust Inc. President and CEO Bill Conner was invited as an expert speaker to the U.S. Subcommittee on Communications and Technology’s cybersecurity hearing in Washington D.C. Wednesday. The invitation to participate in the hearing, […]
CYBERSECURITY HEARING, SPRINT EARNINGS By Hayley Tsukayama (The Washington Post) Amazon and Viacom: Amazon and Viacom announced Wednesday that they had entered into a rights agreement that will bring content from MTC, Nickolodeon, Comedy Central, TV Land and VH1 into Amazon’s streaming video catalog. The deal, announced Wednesday by Amazon, will add about 2,000 titles to […]
Experts Say Threat is Growing, as Roles of MSOs,Other ISPs in Battling Attacks By Mike Reynolds (Multichannel) The concerns of House Democrats and Republicans about cybersecurity was made clear in a Hill hearing Wednesday unusually free of the partisan divides that often surface in hearings in the House Communications Subcommittee. During the hearing on “Cybersecurity: […]
By William Jackson (GCN) Tools are available to counter many of the threats to today’s digital infrastructure, but a legal and policy framework created for an analog world often hampers their implementation, a panel of industry representatives told a House panel. There was some disagreement among the panelists testifying Feb. 8 before subcommittee of the […]
By Gautham Nagesh (The Hill) The major telecom providers have done a good job securing their networks and don’t require further regulation by the government, experts testified Wednesday. James Lewis, the director of the Center for Strategic and International Studies, said telecom companies have addressed cybersecurity on a level that other sectors have not. “The […]
February 07, 2012
By Brendan Sasso and Gautham Nagesh THE LEDE: The House Energy and Commerce telecom subpanel will hold a hearing Wednesday morning on the cybersecurity threat to the nation’s communications networks. The House has recently begun to move on cybersecurity legislation that would enhance information sharing between the government and private sector about cybersecurity threats and […]
February 03, 2012
By Bernard Golden (CIO-IN) I had the opportunity to speak at a new security conference last week, Security Threats 2012. I presented on the topic of balancing business benefits with risks in the cloud (more on that later), but the event touched on a wide range of pertinent IT topics, provoking stimulating discussions of some […]
January 31, 2012
By Eric Engleman and Chris Strohm Jan. 31 (Bloomberg) — A Senate measure aimed at compelling operators of vital U.S. utility and other networks to strengthen cybersecurity drew resistance from some business groups concerned that the bill would raise companies’ costs. Responses to draft versions of the legislation have included “hard pushback” from trade groups […]
December 11, 2011
COMPUTER INTERNET SECURITY SOFTWARE PROGRAM By Ona (Apollomozi) Using your laptop and a reliable Internet connection could be the best combination for an ideal enterprise opportunity. You don’t want increase too much capital for your enterprise venture. With just a reliable Internet connection and laptop system (which, due to vast availability and utilization, change into […]
December 07, 2011
By Matthew Lavoie (Shopfloor) Chairman of the House Intelligence Committee Mike Rogers (R-MI) stopped by the NAM headquarters today address the board of the Internet Security Alliance. He shared the details of H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011 a bill he sponsored with Ranking Member Dutch Ruppersberger (D-MD) that was […]
November 18, 2011
By Anthony Freed (InfoSec Island) To view the original article please click here. Internet Security Alliance President Larry Clinton praised the new direction on cyber security legislation that was signaled in a pair of new letters from Senator Majority Leader Harry Reid (D-NV) and 4 key Senate Republican leaders. “I note with great enthusiasm Majority Leader […]
July 02, 2011
By Anthony Freed (InfoSec Island) Larry Clinton is President and CEO of the Internet Security Alliance (ISA). Infosec Island provides ISA members with additional news and information links via their daily email updates. ISA is a multi-sector industry group created by the former Chairman of the U.S. House Committee on Intelligence and Carnegie Mellon University. […]
March 09, 2011
Grant Gross (IDG News ), PC World, 03/09/2011 To view the original article please click here. The U.S. government should look to incentives as a way to encourage businesses to adopt better cybersecurity practices, instead of creating mandates, recommends a new paper from four trade groups and a civil liberties group. ConcernAlthough some cybersecurity experts have […]
Angela Moscaritolo, DC Magazine, 03/09/2011 Instead of imposing additional security regulations, the U.S. government must work with the private sector to develop incentives that motivate companies to voluntarily adopt security best practices, a coalition of industry associations and civil liberties groups recommended in a white paper released Tuesday. The paper, crafted by members of the […]
February 08, 2011
Expert Voices Thought Leader: Sounil Yu By Sounil Yu (Booz Allen Hamilton) Why did you choose Booz Allen? Actually, Booz Allen chose me via the employee referral program. But I knew Booz Allen was a prestigious firm, so I was pleased to have been chosen. My old company was an accounting organization that offered consulting, […]
December 09, 2010
To view the original article please click here. PRO-WIKILEAKS CYBERATTACKS SHOW GROWING THREAT By Oren Dorell and Jack Gillum (USA TODAY) A cyberattack by supporters of WikiLeaks against the MasterCard and Visa websites foreshadows a new generation of increasingly dangerous assaults on the Internet, security experts say. “This will serve to inspire other bad guys,” said Rob Rachwald of […]
September 01, 2009
By Larry Clinton (Educause) Larry Clinton is President/CEO of the Internet Security Alliance. He is a member of the “Experts Panel” created by the General Accountability Office (GAO) at the request of the House Committee on Homeland Security to assess cybersecurity and make recommendations to the Obama Administration. Comments on this article can be posted […]
May 01, 2009
May 01, 2006
By Larry Clinton (Cutter IT) To view the article please click here.
January 01, 2006
By Larry Clinton (Cutter IT) To view the article please click here.
WHAT IS BEST FOR SEC ON CYBER? OLD STYLE REGS OR NACD MODEL? 01.15.10
CBS – Google To Pull Out Of China?
Interview with Larry Clinton, May 3, 2018 – Cyber PLUS Symposium – Part 2
SourceISA’s Larry Clinton on Cyber Threats and Liabilities (June 2018)
SourceBill Would Have Businesses Foot Cost Of Cyberwar
Source
Posted on November 20, 2023 at 8:05 am Larry Clinton’s opening statement Last week I was honored to attend the World Economic Forum’s annual cybersecurity conference and lead a session on the demystification of the economics of secured by demand/default (watch the introduction above). I want to thank, and congratulate, the Forum creating this session. This topic lies at the very essence of […] Posted on October 31, 2023 at 6:00 am The founder of the organization I am honored to lead was Dave McCurdy, the former Chair of the House Intelligence Committee. Based on his long career in government Dave liked to say, “government does two things well, nothing and over-react.” We are clearly, and rightfully, out of the” do-nothing” phase of government’s involvement in AI. […] Posted on October 30, 2023 at 9:08 am Introduction by ISA President Larry Clinton There is tremendous anticipation regarding the imminent release of a sweeping new Executive Order (EO) on the use of Artificial Intelligence form the Biden White House (LINK). Although the EO holds potentially game-changing reach, it needs to be understood in the context that government is largely playing catch-up on […] Posted on October 26, 2023 at 10:04 am Introduction by ISA President Larry Clinton The SolarWinds’ Orion software attack – which occurred nearly three years ago — had devastating impact that organizations are still facing today. Recent reports estimate that government agencies and private organizations will spend $100 billion over the next few years investigating the incident and remediating the damage done in […] Posted on October 24, 2023 at 12:58 pm Introduction by ISA President Larry Clinton Critical Infrastructure in the United States is facing a substantial risk of cyber attacks at all times due to the imbalance of risk assessment between the public and private sectors. Until this disparity is mitigated, the United States will never be adequately protected on all sides from cyber attacks. […] Posted on October 20, 2023 at 5:02 am Introduction by ISA President Larry Clinton Biden Administration’s National Cybersecurity Strategy (NCS) rightfully “recognizes that robust collaboration, particularly between the public and private sectors, is essential to securing cyberspace.” Unfortunately, this “essential” goal is undermined in the very same document. Alongside announcing plans to scale public-private partnerships, the Biden Administration also proposes a number of […] Posted on October 18, 2023 at 4:59 am Introduction by ISA President Larry Clinton Many people new to the cybersecurity issue often suggest that what is needed is a strict regulatory model. However, as Richard Clarke and Robert Knake, two of the most experienced and well-respected experts in the field of cybersecurity, point out in their book The Fifth Domain, “There is a […] Posted on October 17, 2023 at 8:54 am Introduction by ISA President Larry Clinton Although Albert Einstein probably never said “The definition of insanity is doing the same thing over and over again and expecting a different result,” it’s still a pretty incisive comment that unfortunately applies to cybersecurity regulation. Our current cybersecurity process is insane. The fact is that the traditional cybersecurity […] Posted on October 6, 2023 at 10:43 am Introduction by Larry Clinton As we have documented past blogs (LINK, LINK), we are fighting an uphill battle against increasingly sophisticated cybercriminals. In fact the new national strategy to secure cyber space essentially says that only the most sophisticated private companies have any hope of preventing cyber-attacks. This means we must increasingly rely on our […] Posted on October 5, 2023 at 5:08 am Introduction by Larry Clinton As we explained in previous blogs (LINK), cybercrime is at an all-time high – and there are no signs that it is slowing down. Economic losses from cybercrime are estimated to be as much as $2 trillion annually—and increasing to as much as $10.5 trillion by 2025 – 10 trillion is […] Posted on October 4, 2023 at 11:37 am Introduction by Larry Clinton I expect virtually everyone who might be reading this blog knows that October is Cybersecurity Awareness month. But I doubt the total number of people in the Unites States who know October is “our” month rises above five figures. Of course, awareness that we have a cyber security problem is virtually […] Posted on September 21, 2023 at 8:28 am The release of the Department of Defense’s (DOD) 2023 Cyber Strategy could not have come at a better time. The first DOD Cyber Strategy since 2018, it shows the DOD recognizes the scale of the cyberthreats facing our nation and are looking to build a forward-facing posture in our nation’s cyber defense. The digital age […] Posted on September 20, 2023 at 5:00 am Introduction by ISA President Larry Clinton Last week we discussed the foundational principles (LINK) and best practices (LINK) that can be followed to implement the Biden Administration’s Secure by Design and Default (SDD) proposal. In this third and final blog on SDD, we will dive into the most important part of any proposal: how to […] Posted on September 19, 2023 at 7:49 am AI is the new black, in two senses. First, AI is clearly the fashion of the day as AI week on/Capitol Hill has now turned into AI month and may well have an extended “season.” The other sense in which AI is the new black is that in many ways it is an ominous, and […] Posted on September 18, 2023 at 7:35 am According to Politico it’s unofficial AI week on the Capitol Hill, as lawmakers in the House Oversight cyber subcommittee and the Senate Homeland Security and Governmental Affairs committee are capping off their first few days back by asking federal agencies: what are you doing with AI? A key element of Congressional oversight, as it is […] Posted on September 15, 2023 at 5:00 am In yesterday’s blog, (LINK) we highlighted the Biden Administration’s positive step towards rebalancing the economics of cybersecurity. By shifting the narrative away from “blaming the victim” of cyberattacks, we are moving in the right direction to creating a market economy of products with cybersecurity embedded in their very design. However, this won’t be easy. For […] Posted on September 14, 2023 at 5:00 am Introduction by ISA President Larry Clinton The reality is that we are losing the fight to sustainably secure our cyber networks – and losing badly. This means we need to change the way we have been approaching the issue. That begins by stopping the blame game focusing on the victims of cyber-attack and beginning to […] Posted on September 13, 2023 at 5:00 am You read that right. By creating a national virtual cybersecurity academy we would fill the current 35,000 federal cybersecurity workforce gap in 4 years thus measurably enhancing our country’s security. Moreover, because academy graduates would replace the current independent contractors the government is hiring while receiving salaries equivalent to that of graduates of the traditional […] Posted on September 12, 2023 at 5:00 am Introduction by ISA President Larry Clinton The federal government spends roughly $70 billion a year on our cybersecurity. The very first billion ought to go to funding a virtual cybersecurity academy. The reason, as we outlined in our previous post (read here), is that we are wasting much of the current $70 billion spent because […] Posted on September 11, 2023 at 8:37 am What is the single most important public policy issue in cybersecurity? Hint: the answer is the same as if we asked what is the single greatest vulnerability to our cyber systems? It’s people. We don’t have nearly enough properly trained cybersecurity professionals. Current estimates are that we have 700,000 cybersecurity jobs we can’t fill (world-wide […] Posted on September 8, 2023 at 5:00 am In yesterdays’ post we praised the new national cybersecurity strategy for properly placing the harmonization of cybersecurity regulations as issue 1.1.1 in its new implementation plan. Streamlining regulations is one of the fastest, most efficient, and frankly easiest, ways to unleash significant amounts of scarce cybersecurity resources to more effective uses. We also criticized the […] Posted on September 7, 2023 at 5:00 am President Biden’s National Cybersecurity Strategy (NCS) and subsequent Implementation Plan (NCSIP) got off to a great first step by recognizing the need for cybersecurity harmonization as initiative 1.1.1. The Administration is properly prioritizing this initiative because addressing it will, comparatively quickly and effectively, enhance our nation’s cybersecurity by freeing up between 40%-70% (depending on the […] Posted on September 6, 2023 at 9:59 am Absent a few notable exceptions, traditional regulation has not worked to improve our cybersecurity. There are multiple reasons why it generally doesn’t improve security and is often actually counterproductive which we (ISA) describe in our recent book Fixing American Cybersecurity: Creating a Strategic Public Private Partnership (Georgetown University Press 2023) so, we won’t detail them […] Posted on July 24, 2023 at 9:48 am In science and public policy, a principal goal is to develop an elegant solution. Elegance is generally defined as the simplest statement that most completely solves the problem. The quintessential example of scientific elegance is Einstein’s explanation of the theory of relativity E=mc2. Beautiful. The Biden Administration has just released its proposal to address the […] Posted on July 5, 2023 at 10:24 am In an increasingly interconnected world, cybersecurity has become a paramount concern for governments, businesses, and individuals alike. The Government Accountability Office (GAO) recently published an article titled “Cybersecurity: Actions Needed to Address Challenges and Improve the Federal Government’s Management of Cybersecurity Risks,” shedding light on the critical issues facing our nation’s cybersecurity efforts. To address […] Posted on June 28, 2023 at 11:16 am BY LARRY CLINTON AND ANNA MISKELLY As the Pentagon’s Cybersecurity Maturity Model Certification (CMMC) program rulemaking looms over the defense industrial base (DIB), the Pentagon released a two-page fact sheet highlighting free services offered to companies to help reach compliance. Services such as Project Spectrum and the Blue Cyber Initiative focus on small businesses, targeting […] Posted on June 23, 2023 at 11:12 am By Larry Clinton and Sarah Harmon This past week, the House Armed Services Committee approved amendment language for the proposed 2024 National Defense Authorization Act (NDAA) to bolster our country’s cybersecurity and emerging technology programs next year. These changes aim to improve the U.S.’s ability to compete with China across several technology sectors, with a […] Posted on May 26, 2023 at 11:04 am It took Netflix two and a half years to reach 1 million users. Facebook did it in 10 months. Chat GPT did it 5 days. Just as the Internet fundamentally disrupted business plans a decade ago, so, too, is generative artificial intelligence now changing the world – only at a far accelerated pace. Management teams […] Posted on May 11, 2023 at 5:34 pm An analysis of the proposal to create a national, virtual, cybersecurity academy shows that creating the academy would not only solve the federal government’s cybersecurity workforce problem in less than 4 years but would create savings that allows the program to pay for itself – and even contribute to reducing the federal budget deficit. The […] Posted on May 9, 2023 at 8:31 am What could possibly be less sexy than setting technical standards? It’s a tough question, I’ll give you a minute. Maybe, writing about setting technical standards? But it’s one of those jobs that absolutely HAS to be done. Obviously, the technical standards are the building blocks of the digital world. If the standards are not done […] Posted on April 26, 2023 at 8:00 am One of the many activities at RSA this week has been a series of meetings on how exactly CISA can implement the big idea in the Biden Administration’s new national cybersecurity strategy, shifting the focus on cyber from the user to the providers of cyber technology. Much of the talk around the new strategy has […] Posted on April 5, 2023 at 9:41 am To begin with, we know the cyber risk oversight model described in the NACD-ISA Cyber Risk Handbook actually enhances cybersecurity. We also know there is no proof the SEC proposed regulations, which have already been tried in multiple venues, will enhance cybersecurity or protect investors. In fact, the NACD-ISA handbook is the only set of […] Posted on March 31, 2023 at 9:14 am A Review of Fixing American Cybersecurity, Edited by Larry Clinton and Foreword by Kiersten Todt This entry was posted in Book ReviewCybersecurity on March 30, 2023 by Steven Bowcut In an era of growing cyber threats and increasing data breaches, the need for robust cybersecurity measures has never been greater. Against this backdrop, Larry Clinton’s new book, “Fixing American Cybersecurity: Creating […] Posted on March 30, 2023 at 9:29 am Writing in the February edition of Foreign Affairs CISA Director Jen Easterly called for “a new model” for cybersecurity. A month later President Biden released a new national strategy for cybersecurity which he said would “realign incentives in favor of long-term investment. When releasing the new strategy acting WH Director for Cybersecurity Kemba Waldon said, […] Posted on March 27, 2023 at 11:28 am The Biden Administration’s new National Cybersecurity Strategy is an important first step toward improving our nation’s cybersecurity. This strategy, unlike the numerous others that have been unveiled over the past 20 years, adopts ISA’s core argument that we cannot create a sustainably secure cyber system until we rebalance the incentives for cyber-attacks. ISA is not […] Posted on March 15, 2023 at 9:17 pm The traditional regulatory model – when applied to cybersecurity – is actually anti-security. For all the discussion around the Biden Administration’s new cyber strategy generating new regulations, this one simple fact remains. There is no evidence the cyber regs are working. The real question is not so much how much new regulations there ought to […] Posted on March 6, 2023 at 10:21 am The new National Cybersecurity Strategy released last week calls for intensified federal regulation on IT providers, while presumably shifting regulatory focus away from technology users (we will see what the regulatory agencies and the SEC has to say about that last part). The strategy asserts “regulation can level the playing field enabling healthy competition without […] Posted on March 3, 2023 at 10:00 am There are probably various government agencies where regulators have already sharpened their virtual pencils preparing to write up some new regulations go along with the new National cybersecurity strategy released yesterday. Please put down your pens. That is not where implementation of the new strategy needs to begin. While much of the conversation about the […] Posted on March 1, 2023 at 9:23 am There is a is a common misconception that cybersecurity regulation has not been tried, and that, if only there was federal regulation of cyberspace, we would have a more secure environment. The facts don’t bear out this assertion. In our next two posts, we will first lay out the empirical evidence that cyber regulation does […] Posted on February 27, 2023 at 10:14 am Spoiler alert: It’s both. However, virtually all of our efforts to address our cybersecurity problems have focused on the tech side and virtually none on the underlying economics of cybersecurity. This has led to an unbalanced and ineffective government response in “providing for the common defense” in the cyber infrastructure. In their classic work, The […] Posted on February 24, 2023 at 7:52 am US cybersecurity policies have been inadequate for decades and need to be updated to counter the heightened digital and physical risks the nation faces from our adversaries today. The US cybersecurity effort over the past thirty years largely comes down to a series of modest, disjointed, incremental tactics. On the other hand, one significant rival, […] Posted on February 23, 2023 at 8:57 am The review (pasted below) is also available at AUTHOR Q&A: China’s spy balloons reflect a cyber warfare strategy America must counter https://www.lastwatchdog.com/ By Byron V. Acohido The attack surface of company networks is as expansive and porous as ever. Related: Preparing for ‘quantum’ hacks That being so, a new book, Fixing American Cybersecurity, could be a long […] Posted on February 22, 2023 at 8:00 am In a series of posts over the past couple weeks (LINKS), we have documented how China has been successfully carrying out a concerted and multi-faceted digital program designed to re-make the post-WWII world order and redirect it toward China. The Chinese campaign is well conceived, integrated, generously supported, and largely covert, which is consistent with […] Posted on February 20, 2023 at 9:50 am In recent posts, we have described how over the last 30 years China has smartly leveraged the vulnerabilities of the digital age to steal Western technology and, in so doing, leap-frog generations of R&D to become a world economic power. Not satisfied with their renaissance as an economic power, China leveraged massive government financial support […] Posted on February 13, 2023 at 7:53 am In our last post we documented how Huawei technology, thanks to massive cross-subsidization from the Chinese government, was succeeding in deploying its telecommunications network around the world. That is a story that is fairly well known in Washington policy circles. However, Huawei is by no means the only technology threat China poses though its comprehensive […] Posted on February 10, 2023 at 10:00 am China’s Digital Silk Road Strategy integrates technology, economics, and politics with the long-term goal of altering the post-World War II US- European world order. An assessment of China’s three wars strategy by the U.S. Department of Defense found that the CCP’s goals were to reclaim global status over the United States by weakening our alliances […] Posted on February 8, 2023 at 9:05 am Last week, Foreign Affairs magazine published an article written by CISA Director Jen Easterly and Asst. Director Eric Goldstein entitled “Why Companies Must Build Security into Products.” The central thesis of their article is we need a “new model” for cyber security because what we have been doing isn’t working. This is precisely the messaging […] Posted on February 6, 2023 at 10:46 am In the past few weeks, China’s surveillance balloon and the ubiquity of TikTok have created substantial concern in Washington, as well they should. However, these are simply among the most obvious tactics China is using in its competition with the West. For the US to be adequately responsive we need to be more aware of […] Posted on January 31, 2023 at 7:37 am By Charlie Mitchell / January 31, 2023 CISA chief of staff Kiersten Todt provides the foreword to a new book on cybersecurity strategy by Internet Security Alliance leader Larry Clinton, saying a focus on economic incentives for industry cyber improvements is an essential part of a “a strong, actionable approach to industry/government collaboration.” “We need bold action […] Posted on January 30, 2023 at 9:18 am I’m delighted to announce that this week the Internet Security Alliance will launch its Fixing American Cybersecurity campaign. The campaign is based on three new publications. First ISA’s public policy book Fixing American Cybersecurity: Creating a Strategic Public Private Partnership (Georgetown University Press) [Link: available for pre-release purchase on Amazon] which will be released this […] Posted on January 3, 2023 at 7:26 pm Independent research conducted by MIT finds the consensus cybersecurity principles and practices laid out in the NACD-ISA Cyber Risk Oversight Handbooks “demonstrates that organizations that use the consensus principles can significantly improve their cyber resilience without raising costs” and organizations who “follow the principles are predicted to have 85% fewer incidents.” This confirms previous research by PWC. […] Posted on at 7:25 pm ISA’s Mission is to integrate advanced technology with economics and public policy to promote sustainably secure cyber system. The ISA board, consistits of cyber leaders (typically CISO) from virtually every critical industry sector. Over 20 years ISA has created a comprehensive theory and practice for cybersecurity covering both enterprise risk managment and government policy. ISA’s […] Posted on November 17, 2022 at 7:19 am Geneva, Switzerland/November 16/As the World Economic Forum’s annual Cybersecurity Summit concluded today research conducted by MIT Cybersecurity at MIT Sloan (MIT CAMS) found that the cyber risk oversight principles (consensus principles) developed by the Forum in conjunction with the Internet Security Alliance (ISA) and the National Association of Corporate Directors (NACD) “demonstrates that organizations that […] Posted on at 6:53 am Major Findings · The Cyber Risk Principles developed by the ISA, NACD and the World Economic Forum help drive cyber resilience across industries. · Simulation-aided research from MIT CAMS shows that commitment to and adoption of the Cyber Risk Principles significantly improves cyber resilience. · Results also show that, commitment to these cyber risk principles […] Posted on July 18, 2022 at 11:12 pm PREMISE ONE: CYBERSECURITY IS A NATIONAL DEFENSE IMPERATIVE Just as World War II made it apparent that the skies were a unique domain of warfare resulting in the creation of the US Air Force Academy in the 1950s, so, too, have recent events made it clear beyond doubt that cyberspace is now a unique domain […] Posted on May 31, 2022 at 11:27 am In a series of recent posts, we have noted the time has come for us to create a national virtual cyber service academy, modeled on our traditional military academies, but updated for the digital age (link). We subsequently detailed the public policy argument for this academy (link) and outlined a governance model for it (link). […] Posted on at 11:21 am EXECUTIVE SUMMARY In our last post we made the case for a national, virtual, cybersecurity academy. In this post we will discuss the key points of our proposal and in our next post we will discuss the advantages of our proposal which we suggest as the only practical way for the USA to quickly, comprehensively, sustainably, […] Posted on at 11:19 am We need to stop talking about the issue of cybersecurity workforce development. We need to properly frame the issue an imperative for national defense digital mobilization. Just as World War II made it apparent that the skies were a unique domain of warfare resulting in the creation of the US Air Force Academy in […] Posted on at 11:15 am Our service academies – West Point, Annapolis the Airforce and Merchant Marine Academies are the ultimate public private partnership. Government offers private citizens high quality education at no cost, and in return the graduates are obliged to provide three years of service to the government, and many stay on well-past that obligation. The system has […] Posted on February 23, 2022 at 11:55 am By Larry Clinton In the latest edition of Foreign Affairs, the US Director for Cybersecurity, Chris Inglis and Harry Krejsa, propose that the government and industry forge a new paradigm – a cybersecurity social contract. Naturally, the Internet Security Alliance applauds this move toward a new paradigm. We do so for two reasons, first and […] Posted on January 21, 2022 at 12:11 pm By Larry Clinton The focus of the current series of posts is to suggest the need for new directions in cybersecurity policy. Put succinctly, it’s not just that we need to do cybersecurity better – it’s that we need to do cybersecurity differently. Why? Because we are getting killed out there. Cybercriminals generate roughly $2 trillion […] Posted on January 17, 2022 at 1:07 pm This blog series began by asserting that in the new year, given the obvious ineffectiveness of our current cyber policies it’s time for policymakers to begin focusing on issues that might really matter in terms of creating a sustainably secure system. We then moved forward to identify two major areas where government could really make a […] Posted on January 14, 2022 at 11:48 am By Larry Clinton In this series of posts, we have been arguing that now is a time to rethink our efforts to create a sustainably secure cyber ecosystem. The core notion of this rethinking would be to, finally, begin focusing more on programmatic changes that will truly impact the security of cyberspace, as opposed to the […] Posted on January 10, 2022 at 11:29 am By Larry Clinton Last week, we discussed that we needed to make a New Year’s resolution to start talking about things that really matter for cybersecurity. One area that really matters if we’re serious about improving our cybersecurity is addressing the current workforce shortage. We can never create an adequately secure our cyber systems unless […] Posted on January 3, 2022 at 11:51 am By Larry Clinton, President and CEO, Internet Security Alliance I have to say I’m disappointed the language requiring more stringent timelines for reporting cyber events to the government didn’t make it into the National Defense Authorization Act (NDAA). I’m not disappointed because I have strong feelings one way or another about that provision – to […] Posted on May 7, 2020 at 11:26 am By Josh Higgins, Senior Director of Policy and Communications The COVID-19 pandemic has created many new challenges for companies — such as managing a remote workforce, adopting new suppliers and cloud services, and a vastly expanded cyber-threat landscape — as the world works to maintain productivity through primarily virtual means. However, despite all these new […] Posted on April 6, 2020 at 11:41 am Instantaneous, Unplanned, Digital Transformation Creates Massive Cyber Risk By Larry Clinton Insiders are generally identified as the locus of about half of successful cyber-attacks. The 2020 edition of the Cyber-Risk Oversight Handbook published by the National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) last month (available free of charge here). identifies the […] Posted on April 2, 2020 at 10:56 am The outbreak of coronavirus globally has created a new reality vastly increasing how much business is done online: While this new virtual reality is essential to sustaining business during the pandemic, it is critical that corporate boards are also aware of the increased cybersecurity threat from this intensified, and often unplanned, utilization of technology. As […] Posted on March 16, 2020 at 4:47 pm By Larry Clinton I’m not saying cybersecurity and the coronavirus are exactly the same. The defining characteristic of the cyber threat is that we have conscious and deliberate actor’s carefully crafting attacks. The coronavirus has no conscience, no plan. At the same time, notwithstanding differences, these domains are both attacks on our cultures, and when […] Posted on March 11, 2020 at 10:48 am This is the second in a series of blogs distilling the cybersecurity advice for boards of directors contained in the new Cyber-Risk Oversight 2020 Handbook published by the National Association of Corporate Directors and the Internet Security Alliance. By Larry Clinton In 2015, ISA, along with Georgia Tech, the New York Stock Exchange, and Palo […] Posted on March 2, 2020 at 10:37 am By Larry Clinton At last week’s RSA Conference, the National Association of Corporate Directors (NACD) in partnership with the ISA published Cyber Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards. This is the third in a series of cyber-risk handbooks ISA and NACD have partnered on since 2014, and like the previous […] Posted on February 5, 2020 at 12:47 pm WHAT I HEARD AT THE G-20 CYBERSECURITY DIALOGUE THIS WEEK This week I was honored to be one of the 17 outside experts (3 Americans including myself) asked to address the official G-20 Cybersecurity Dialogue in Riyadh, Saudi Arabia. This meeting was designed to assist the G-20 Digital Economic agenda for this fall’s full G-20 […] Posted on February 3, 2020 at 7:16 am By Larry Clinton I’m honored to be one of about 15 outside speakers who have been asked to address the G20 Cybersecurity Dialogue — part of the G20 Digital Economy Task Force — at their invitation–only meeting in Riyadh. I’m delighted that the world’s largest economies are launching an effort to look at our cybersecurity problems […] Posted on January 9, 2020 at 10:30 am Cyberspace Solarium Commission Co-Chair Sen. Angus King (I-ME) has “leaked” to us that the Commission is virtually unanimous in the desire to see government process for cybersecurity overhauled. As we discussed in this space yesterday, that is a great, if not exactly novel, idea. But as the old saying goes, every great idea eventually devolves […] Posted on January 8, 2020 at 9:32 am In 2016 the ISA published a 12-step program for Congress and the new Administration to address the growing cybersecurity threat. Number 4 on the list (after act with greater urgency, spend more money, and understand cybersecurity is not just about IT) was that “Government needed to get organized to reflect the digital age.” Yesterday the […] Posted on October 31, 2019 at 11:42 am by Larry Clinton Yes, they are. While corporate boards of directors worldwide are developing programs to increase own their understanding of the cyber threat and taking action to address it, the government equivalent of corporate boards – legislators, agency heads, and the like – seem content to tell others what to do while not seriously […] Posted on October 28, 2019 at 10:00 am by Larry Clinton In a field seemingly overpopulated with remarkably similar programs on cybersecurity, the Organization of American States, of all places, will host a unique program at their Washington, D.C. headquarters on November 8. OAS, along with the Cyber Security Council of Germany and the Internet Security Alliance, will discuss the findings of a […] Posted on October 2, 2019 at 8:49 am by Larry Clinton I expect virtually everyone who might be reading this blog knows that October is Cybersecurity Awareness month. But I doubt the total number of people in the Unites States who know October is “our” month rises above five figures. Of course, awareness that we have a cyber security problem is virtually unanimous. […] Posted on October 1, 2019 at 10:24 am by Larry Clinton I have opined in the past, somewhat tongue in cheek, that Cyber Security Awareness Month may be a bit outdated—is there really anyone unaware that we have a cyber security problem in 2019? Perhaps Cybersecurity understanding month is a bit timelier and more needed. However, in the spirit of the cyber season […] Posted on September 30, 2019 at 1:43 pm by Larry Clinton On Friday I was honored to provide the closing keynote speech at the Organization of American States’ (OAS) Cybersecurity Symposium in Santiago, Chile. The purpose of the event was to unveil and release the first Cyber-Risk Oversight Handbook for Corporate Boards targeted for the entire Latin American region. The Handbook is part […] Posted on August 12, 2019 at 11:03 am by Larry Clinton Perhaps the one thing virtually everyone in the cybersecurity field agrees on is that, notwithstanding many laudable efforts, we are losing the fight to secure cyberspace. Illustrative of this reality, the Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Chris Krebs, has wisely commented we need a new […] Posted on July 31, 2019 at 9:52 am by Larry Clinton Last week, the bipartisan Select Committee on the Modernization of Congress issued a list of two dozen recommendations designed to “make Congress more reflective and responsive to the American people.” One recommendation stands out as particularly timely, visionary and practical: “Making cybersecurity training mandatory for Members.” Finally, a cybersecurity mandate that makes […] Posted on July 30, 2019 at 1:27 pm by Josh Higgins When companies think about cybersecurity threats, they often think of a hacker in some far-off place using sneaky tactics to gain access to their systems. However, Capital One’s announcement Monday of a major data breach highlights another major, yet often overlooked, cyber threat: The insider. Similar to other cyber incidents, the newly […] Posted on July 29, 2019 at 11:48 am The biggest story in cybersecurity this past week was the eye-popping $5 billion dollar (that’s billion with a B) fine the FTC placed on Facebook for not adequately fulfilling its responsibilities to protect its consumer’s data. Probably just as painful to Facebook, and its CEO, as the fine itself is having to publicly acknowledge their […] Posted on July 19, 2019 at 2:27 pm It’s not news that cyber-attacks are increasing both in number and sophistication and that the increasing criticality of the attack methods demands increased attention especially with respect to critical infrastructures. Also, due to the uniqueness of information systems, the speed with which attack methods and technologies change the traditional regulatory model has been deemed to […] Posted on June 26, 2019 at 1:31 pm Yesterday Congressman Cedric Richmond, Chair of the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Innovation announced in the wake of the recent ransomware attacks on local jurisdictions like Atlanta and Baltimore that he is going to propose a series of legislative efforts to assist the municipalities because “we can’t expect under-resourced, understaffed, state and […] Posted on June 21, 2019 at 10:47 am by Larry Clinton The greatest cyber risk an organization can have is doing a faulty cyber-risk assessment. This is one of the key insights from Doug Hubbard’s paradigm-shifting book “How to Measure Anything in Cybersecurity Risk”. While in Chicago this week to do a series of Master Classes on the Economics of Cyber Risk for […] Posted on June 18, 2019 at 11:27 am by Larry Clinton In Chicago this week the National Association of Corporate Directors (NACD) will host the first in a series of nationwide events on the economics of cybersecurity. The courses start with a brief discussion of the now well-known existence of cyber-attacks on enterprises. However, they quickly move beyond the problem and instruct board […] Posted on June 12, 2019 at 11:08 am by Larry Clinton When the ISA published the Cybersecurity Social Contract three years ago, one of the facts we documented was that some in critical industries were being forced to divert between 30%-40% of their scarce cybersecurity resources to largely redundant regulatory compliance. This fact highlights the twin maladies of undermining efforts to strengthen cybersecurity without improving either […] Posted on June 6, 2019 at 11:00 am Once upon a time, industry experts would caution students and conference attendees that with cyber-attacks, it was not a question of if, but when. That adage has now matured into a more modern version: There are only two types of companies — those who know they have been successfully compromised, and those that don’t know […] Posted on June 5, 2019 at 10:56 am The insider threat has become one of the biggest threats in the realm of cybersecurity. Despite the amount of risk posed by insiders, corporate executives often lack the awareness of the threat to adequately address it. That is why the Internet Security Alliance’s upcoming course on cybersecurity at the ABA Stonier Graduate Program at the […] Posted on May 30, 2019 at 10:06 am by Larry Clinton In 2016 the European Union enacted arguably the most stringent privacy law in the western world. Following a two-year transition, the law went into full effect last May. Although advocates had suggested the stringent penalties in the General Data Protection Regulation (GDPR) would deter individual privacy invasions and reduce market domination from […] Posted on May 28, 2019 at 11:26 am by Larry Clinton This week the board of directors of the European Confederation of Directors Associations (ecoDa) agreed to work with the Internet Security Alliance (ISA) on a European adaptation of the Cyber-Risk Oversight Handbook originally published by the National Association of Corporate Directors in the U.S. This agreement indicates further progress that corporate boards […] Posted on May 15, 2019 at 12:52 pm by Dan Lips The National Governors Association is meeting in Louisiana this week for its biannual cybersecurity summit. An important topic of consideration is how Washington can help state governments by harmonizing regulations. Doing so would let states focus their attention on confronting worsening cybersecurity threats, rather than answering federal auditors. “On any given day, […] Posted on May 14, 2019 at 10:17 am by Larry Clinton Kudos to Representatives Kathleen Rice (D) and John Katko (R) for their bipartisan legislation requiring Members of Congress to receive training in cybersecurity. Give congressional representatives an IT tool and they can secure the nation for a day — maybe. Teach Congress how to truly understand and manage cyber risk and we […] Posted on May 9, 2019 at 12:26 pm by Larry Clinton While much of the attention on President Trump’s upcoming visit to Japan will focus on North Korean nuclear issues, a critical, if under-reported, element of the visit will be to bolster U.S.-Japanese cyber defenses. In a speech to the Hudson Institute last week, U.S. Ambassador to Japan William Hagerty acknowledged the importance […] Posted on April 29, 2019 at 2:41 pm Internet-enabled crime was responsible for $2.7 billion in losses in 2018, according to the FBI’s annual Internet Crime Report. The data confirms industry concerns about growing cybersecurity threats. The FBI’s Internet Crime Complaint Center (IC3) reported an increase in the number of complaints from 301,580 in 2017 to 351,000 in 2018, or more than 900 […] Posted on April 26, 2019 at 11:30 am Supply chain has become the hot topic in cybersecurity inside the Beltway in recent months – and for good reason. The British Standards Institution just this week released a new report on the supply chain identifying cybersecurity as one of the greatest security threats within the supply chain. The federal government has also taken notice to […] Posted on January 28, 2019 at 9:00 am ISA appointed industry co-chair (DHS is government co-chair) of the Policy Leadership Working Group charged by DHS Asst. Secretary for Cyber Security Jeanette Manfra with articulating the details of a Collective Cybersecurity Defense Model the Trump Administration wants to promote for cybersecurity. Policy Leadership Working Group produces a joint government-industry white paper defining the Collective […] Posted on September 21, 2018 at 12:47 pm “Garbage in, garbage out.” For years, cyber risk assessments have often revolved around checklists of standards and practices that IT professionals can use to check off what they’ve done, but that model is insufficient, producing results that are hindering cybersecurity. ISA President Larry Clinton, at the Command and Control conference on Friday, September 21, called […] Posted on August 14, 2018 at 10:09 am When DHS Assistant Secretary for Cyber Security Jeanette Manfra addressed the hackers at the annual Las Vegas showcase for modern wizardry, she didn’t focus on standards and bots. She talked about how digitization changes everything and the need to look at cybersecurity through an economic lens. She got it exactly right. “For the first time […] Posted on January 2, 2018 at 11:05 am By Larry Clinton We all know we are losing the battle to secure cyber space – badly. Maybe our New Year’s resolution ought to be to recognize this fact and come up with a new approach to the problem. The old ones don’t seem to be working. Specifically, we should consider moving away […] Posted on October 2, 2017 at 11:28 am Sunsetting Cyber Awareness Month.blog.1017October 2, 2017 By Larry Clinton Raise your hand if you know anyone who is unaware that we have a cybersecurity problem. In a field where we are often desperate for any sign of success, I think we can spike the football on the issue of cybersecurity awareness. Understanding the cybersecurity problem? […] Posted on September 1, 2017 at 12:11 pm By Jeff Brown “Information sharing” is one of the most powerful tools organizations can use against cyber threats that can erupt without warning and cause disruption worldwide. Once an organization—any organization, whether public or private sector—spots the tell-tale patterns of a new attack, alerting other organizations of these warning signs can help halt the spread […] Posted on July 17, 2017 at 10:37 am By Cindy Fornelli If you spend some time around the issue of cybersecurity, it won’t be long before you encounter the notion of resilience. “Cyber resilience is a public good,” observed a 2017 white paper from the World Economic Forum. A 2013 Presidential Policy Directive declared that “it is the policy of the United States […] Posted on June 29, 2017 at 10:00 am It appears the dust was just settling from the global impact of the WannaCry ransomware attack when a new culprit Petya (or not Petya) struck. Among the disturbing characteristics of these attacks is their vast international impact. Desperate for a silver lining, this happens to be a great backdrop for my previously scheduled briefing digital […] Posted on June 27, 2017 at 10:56 am Mergers and acquisitions are risky times. Headlines treat the combination of companies as job done after the announcement, but insiders know combining operations is no easy task. These days, add cyber risk to the list of prime considerations companies should weigh before, during, and after any M&A decision. Companies involved in transactions are often prime […] Posted on June 22, 2017 at 11:06 am Total cybersecurity is an unrealistic goal. Cybersecurity is a continuum requiring strategic decision-making about where and how to spend security dollars. Attempting to guard every system equally is a recipe for exhausting the budget on low-priority systems. And it’ll result in bad security, since the company’s crown jewels will lack the sophisticated protections they need. […] Posted on June 20, 2017 at 10:44 am Much like any response plan, a cybersecurity framework is only successful if it is well-staffed and well-funded. Otherwise, it simply will not be able to adequately handle the stresses caused by a breach. In a world where malware and ransomware are increasing both in frequency and severity – Wannacry, for example, affected 200,000 computers in […] Posted on June 19, 2017 at 12:56 pm Cyber literacy can be considered similar to financial literacy – not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business. As we all know, cybersecurity is very much a moving target. The threats and vulnerabilities change almost daily, and the […] Posted on June 14, 2017 at 10:24 am Boards of directors face several versions of risk from cyber breaches. Obviously, there is the risk of loss or manipulation of the data. There is also a risk of reputational loss. However, regardless of the actual data or reputational impacts boards need to be concerned about legal risks that can occur unrelated to the other […] Posted on June 12, 2017 at 11:35 am Last month President Trump issued an Executive Order on cybersecurity that called on all federal agencies to assess their status on information security and for the leadership to take steps required to mediate threats. Last week the Department of Health and Human Services (HHS) released its Healthcare Industry Cybersecurity Task Force report, which provides a […] Posted on June 2, 2017 at 12:07 pm It has now become clear that cyber-risk needs oversight at the board of directors level. The problem is that most corporate boards are comprised of “digital immigrants” — people not born into the digital world they now inhabit — and therefore need to learn how to understand cyber-risk. That educational process has been undertaken by […] Posted on May 31, 2017 at 11:00 am The NIST Cybersecurity Framework (NIST CSF) is one of the cornerstones – and most popular features – of US government policy to strengthen our nation’s cybersecurity. The hottest topic at the recent NIST workshop aimed at updating and refining the CSF was the development of metrics. Many experts believe that for the CSF to properly […] Posted on March 7, 2017 at 11:04 am For centuries, we’ve operated under the principle that nations are sovereign within their own borders, with traditional rules of war clearly stating that combatants need to be identifiable military targets. Acting on this principle, a functioning government has traditionally had to raise a force more powerful than any potential rival, either internally or externally, when […] Posted on February 27, 2017 at 11:20 am Let me spare you the suspense, because we don’t deserve one. Most people who have become aware of cybersecurity in the past few years think we are talking about credit cards, passwords, and firewalls. Really? I give these rookies a pass. The real fault lies which those of us, including myself, who have been toiling […] Posted on February 21, 2017 at 4:52 pm Individual experts offer good advice, but when many people agree on practical steps necessary for better cybersecurity, their consensus carries more weight, at least so long as cybersecurity lacks outcome-based, objective metrics. Accordingly, here are the most important things small and medium-sized organizations should do, according to a survey the Internet Security Alliance did of […] Posted on January 30, 2017 at 11:24 am While the bulk of mainstream news coverage on cyber issues has been focused on macro issues such as Russian involvement in our electoral process, there have been less noted initial signs of progress on the more traditional cyber concerns such as the protection of critical infrastructure, theft of intellectual property and securing of personal data. […] Posted on November 30, 2016 at 11:54 am Those recognized by the National Association of Corporate Directors in its annual compilation of 100 most influential individuals and organizations have achievements in fields such as governance, transformation or oversight. Cybersecurity hasn’t typically figured among them – until recently. NACD is recognizing Internet Security Alliance CEO Larry Clinton for the second consecutive year in its […] Posted on September 6, 2016 at 12:36 pm On September 15, 2016, the Internet Security Alliance will publish a 400 page, 17 chapter, book containing 106 recommendations for the incoming Administration and Congress. One of the recommendations is that, frankly, we need to invest more in cyber defense. We are chasing a $500 billion to $1 trillion dollar a year issue with about […] Posted on June 25, 2016 at 12:31 pm While I don’t see, much if any, short term operational impacts to cyber security from the Brexit vote, I do think the vote underlines the need for the private sector develop strong partnerships to secure the cyber systems they own and operate independent from government structures. I feel pretty sure not a single UK voter […] Posted on May 27, 2016 at 12:40 pm By: Larry Clinton, CEO/President THE NEXT ADMINISTRATION NEEDS TO PICK UP THE PACE – A LOT – ON CYBERSECURITY The Pentagon’s 2015 annual report says that most DoD systems are subject to low to mid-level cyberattacks and our defense systems are basically subject to compromise whenever an adversary chooses to do so. If the world’s […] Posted on May 20, 2016 at 5:00 am By: Larry Clinton, CEO/President Last week, I commented that given we have spent much of the last decade developing a consensus on an overall approach to cybersecurity as articulated in both the House GOP Task Force on Cybersecurity and President Obama’s Executive Order 13636, the one thing we don’t need from the newly appointed President’s […] Posted on May 13, 2016 at 5:00 am By: Larry Clinton, CEO/PRESIDENT A wise person once said every great plan eventually dissolves into actual work. What we need right now is actual work on cybersecurity. We have spent much of the past decade, and particularly the last 5 years, coming to a consensus on the best approach to improve our overall cybersecurity. Back […] Posted on July 11, 2014 at 3:53 pm In November of 2013, Larry Clinton, the President and CEO of the ISA, traveled to India to speak about cyber security issues in the international context. Mr. Clinton traveled to Chennai, India where he spoke with T. K. Ramachandran, a member of the board of governors and the secretary of the ICT Academy of Tamil Nadu […] Posted on June 12, 2014 at 3:02 pm The National Infrastructure Protection Plan (NIPP) established a strategic direction for coordinating the nation’s critical infrastructure protection and resilience initiatives. The new National Plan built on the previous Plan from 2009, and reflects major changes in risk, policy, and operating environments, reflecting “a significant evolution in critical infrastructure risk policy.” This evolution reflects movement toward […] Posted on June 11, 2014 at 5:20 pm Released in 2009, the Cyber Space Policy Review was the Obama Administration’s assessment of U.S. policies and structure for cybersecurity. Drawing heavily from the Internet Security Alliance as a resource, the paper outlined a path forward to creating a reliable and resilient digital infrastructure. Covering resources including the Cyber Security Social Contract, white papers, and […] Posted on at 5:13 pm The Internet Security Alliance hosted an invitation-only event at the White House on economic issues related to cyber security featuring DHS Secretary Janet Napolitano. The session allowed guests to engage with the DHS secretary in a robust question and answer session in a more intimate setting. The DHS Deputy Under Secretary for Cybersecurity for the […] Posted on at 4:58 pm In response to the February 2013 executive order released by President Obama, titled “Improving Critical Infrastructure Cybersecurity”, the National Institute of Standards and Technology (NIST) has undertaken the vital task of developing a new set of guidelines and standards to promote better cyber security practices in both the public and private sector. Known as the […] Posted on at 1:37 pm In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, which formalized the Administration’s adoption of principals proposed by the Internet Security Alliance. The Executive Order departed from the regulatory model that the Administration previously embraced that would have granted the Department of Homeland Security extensive authority to mandate cyber security standards […] Posted on June 10, 2014 at 4:49 pm <h3>NACD asks ISA to create best practices guide for corporate board of directors</h3> The National Association of Corporate Directors (NACD) asked ISA to put together a guide of best practices for corporate directors. With input from the ISA Board of Directors, and in close collaboration with AIG, ISA was tasked to identify best practices in […] Posted on February 20, 2014 at 1:40 pm Click Here for Full Document EXECUTIVE SUMMARY – ASSESSING PRESIDENT OBAMA’S EXECUTIVE ORDER ON CYBER SECURITY Upon realizing that comprehensive cyber security legislation to address the nation’s growing cyber security problem was unlikely to pass the Congress, President Obama issued an Executive Order on the subject in February 2013. The Order marked a watershed moment […] Posted on October 11, 2013 at 12:41 pm ISA on CNBC On February 13, 2013, following the release of the Obama Administration’s Executive Order, CNBC’s “Power Lunch” asked ISA President Larry Clinton to appear on the show to discuss how the Executive Order will impact the private sector and solicit ISA’s view on its implications. To watch the segment, please proceed to ISA […] Posted on July 5, 2012 at 3:00 pm In an unusual move, the White House’s cyber security lead, the so called “Cyber Czar,” Howard Schmidt joined the ISA, ANSI, and the Santa Fe Group at the National Press Club for the launch of the ISA’s most recent publication in its Financial Risk Management Program: “The Financial Impact of Breached Protected Health Information – […] Posted on at 2:27 pm ISA’s long-standing efforts to create an economically viable and sustainable approach to cybersecurity reached a milestone following an unusually collaborative and non-partisan hearing before the House Energy and Commerce Subcommittee on Communications and Technology on February 8, 2012. After the hearing, Chairman Greg Walden (R-OR) and Ranking Member Anna Eshoo (D-CA) formed a bipartisan Task […] Posted on at 2:06 pm Since the crafting of the National Infrastructure Protection Plan (NIPP), the ISA has taken a lead role in seeking a viable partnership between government and industry to address the unique problems in defending integrated cyber systems against increasingly sophisticated attacks. ISA outlined a re-drafted model in its Cyber Security “Social Contract” (2008) and “Social Contract […] Posted on at 2:02 pm Starting in 2006, the ISA began its program on the Financial Management of Cyber Risk, which resulted in the first of its publications on this subject: “The Financial Impact of Cyber Risk – 50 Questions Every CFO Should Ask.” ISA’s and follow-up publication, “The Financial Management of Cyber Risk – An Implementation Framework for CFOs,” […] Posted on at 2:00 pm The World Institute of Nuclear Security (WINS) contacted the ISA in late 2011 for assistance in developing an incentive-based model for nuclear facility security that is global in scale. In conjunction with this request, ISA President Clinton, along with DHS Secretary Michael Chertoff, was asked to keynote the WINS international nuclear security conference in Vienna, […] Posted on at 1:55 pm Information sharing is one of the most important tools in implementing a sustainable system of cybersecurity. However, the traditional information sharing models have been proven generally to be of limited effectiveness in that many organizations cannot devote the resources to participate in an Information Sharing and Analysis Center (ISAC) and because many of the traditionally […] Posted on at 1:52 pm While many of ISA’s member companies are U.S.-based, virtually all of them are multi-national and operate internationally. Because of this and the nature of the problem, itself, ISA has always taken an international approach to cybersecurity (2 of the past 5 ISA Board Chairs have hailed from European headquartered organizations). Shortly after ISA reiterated and […] Posted on at 1:50 pm The ISA launched its first supply chain program in 2005, in conjunction with ISA Founding Partner Carnegie Mellon University. Since then, ISA has released a series of reports on managing the IT supply chain for security purposes with ever greater specificity. In 2007, ISA released its report with Carnegie Mellon on the nature of […] Posted on at 1:47 pm In the 112th Congress, a high-level task force convened by House Speaker John Boehner (R-OH) endorsed the approach laid out by ISA in the Cyber Security Social Contract. When the House GOP Task Force on Cyber Security convened, ISA was the first witness called to provide recommendations.The House Republican Task Force Report on Cyber Security, […] Posted on at 1:40 pm On June 6, 2012, the Internet Security Alliance hosted an invitation-only event at the White House on economic issues related to cyber security. DHS Secretary Janet Napolitano was the featured speaker, providing opening comments and engaged the invited guests in an open and robust question and answer session. Mark Weatherford, the DHS Deputy Under Secretary […] Posted on December 12, 2010 at 2:13 pm In the wake of the Gawker Media hacking over the weekend, Jeffrey Brown gets a wider perspective about the vulnerability of online information and the danger of further cyberattacks from James Lewis of the Center for Strategic and International Studies and Larry Clinton of the Internet Security Alliance. To view the video of this exchange, […]
THOUGHTS ON SECURITY BY DESIGN/DEFAULT FOR WORLD ECONOMIC FORUM
WHITE HOUSE SHOULD LOOK TO BOARD’S GUIDENCE ON AI AND CYBERSECURITY – PART 2
WHITE HOUSE SHOULD FOLLOW BOARD’S GUIDANCE ON NEW AI EXECUTIVE ORDER
THE KEY TO UNDERSTANDING SYSTEMIC CYBER RISK IS MARKET PENETRATION
COMMERCIAL ECONOMICS ARE INSUFFICIENT TO DEFEND CRITICAL INFRASTRUCTURE FROM CYBER ATTACKS
FOR THE CYBER PUBLIC-PRIVATE PARTNERSHIP TO WORK THE REGULATORY MODEL NEEDS TO BE REFORMED
DO CYBER REGULATIONS IMPROVE SECURITY? (SPOLIER ALERT: NO)
CYBERSECURITY REGULATION: DOING THE SAME THING AND FAILING
LESSONS PRIVATE SECTOR CAN TEACH THE GOVERNMENT ON FIGHTING CYBERCRIME
ONE WAY TO GET CYBERCRIMINALS TO FUND LAW ENFORCEMENT
WHAT CAN PINK DO FOR CYBER?
TIME TO MODERNIZE THE MILITARY’S ROLE IN CYBER CRIME DEFENSE
POSSIBLE MARKET INCENTIVE PROGRAMS TO PROMOTE SECURITY BY DESIGN AND DEFAULT
HOW CORPORATE BOARDS LOOK AT ARTICIFIAL INTELLIGENCE AND CYBER SECURITY (Part II)?
HOW DO CORPORATE BOARDS LOOK AT ARTIFICIAL INTELLIGENCE AND CYBER SECURITY?
HOW TO DO SECURITY BY DESIGN AND DEFAULT – 10 BEST PRACTICES
STOP BLAMING THE VICTIM: 7 PRINCIPLES SECURE BY DESIGN & DEFAULT
THE VIRTUAL CYBERSECURITY ACADEMY—FREE CYBERSECURITY FOR THE GOVERNMENT!
CREATING A VIRTUAL CYBERSECURITY ACADEMY SHOULD BE OUR TOP PRIORITY
THE MOST IMPORTANT ISSUE IN CYBERSECURITY DOESN’T GET THE ATTENTION IT DEMANDS
OMB CAN QUICKLY STOP REDUNDENT WASTEFUL HARMFUL CYBER REGULATIONS
BIDEN CYBER IMPLEMENTATION PLAN: GREAT FIRST STEP –STUMBLES ON SECOND STEP (PART 1)
TWENTY-FIVE WAYS TO ENHANCE CYBERSECURITY WITHOUT NEW REGULATIONS
STREAMLING CYBERSECURITY REGULATION: AN ELEGANT SOLUTION
Cyber Director Position Remains Vacant: ISA Urges a New Strategy for Cybersecurity
ISA APPLAUDS DOD EFFORTS TO HELP SMALL COMPANIES ON COLLECTIVE DEFENSE — MORE WORK ON INCENTIVES NEEDED
Congress Taking Steps to Address the Biggest Technological Threat of Our Time
QUESTIONS FOR THE BOARD TO CONSIDER IN USING AI
VIRTUAL CYBER ACADEMY WOULD SOLVE WORKFORCE ISSUE AND HELP REDUCE THE DEFICIT
CHINA BEATING US ON TECH STANDARDS – BIDEN NATIONAL STRATEGY NEEDED
RSA REPORT ON SECURE BY DESIGN — WE NEED AN HOV LANE
WHAT IS BEST FOR SEC ON CYBER? OLD STYLE REGS OR NACD MODEL?
INDEPENDENT REVIEW OF FIXING AMERICAN CYBERSECURITY
SEC NEEDS A CYBER MODEL THAT WORKS
The SEC: The Elephant in the New National Cyber Strategy
FIRST DO NO HARM: THE MANTRA FOR NEW CYBER REGULATION
WHY CYBER REGULATIONS IN NATIONAL STRATEGY MAY NOT WORK
THREE QUICK STEPS TO IMPLEMENT THE NATIONAL CYBER STRATEGY (NOT WHAT YOU THINK)
IS REGULATION THE ANSWER TO OUR CYBERSECURITY PROBLEM (PART I)
IS THE CYBERSECURITY PROBLEM ONE ABOUT TECH OR ECONOMICS?
US CYBERSECURITY – OLD PRACTICES, NEW VISIONS
From Pulitzer Prize winning author Byron Acohido on Last Watchdog.
THE (ONLY) PATH FOR THE US TO WIN THE DIGITAL WAR WITH CHINA
CAN THE US MATCH CHINA’S MILITARY-CIVIL FUSION MODEL? WILL IT?
Huawei is Just the Tip of the Spear in Digital Aggression
HUAWEI MAKES OFFERS YOU CAN’T REFUSE ADVANCING CHINA’S GOALS
CISA SAYS WE NEED A NEW CYBERSECURITY MODEL; THEY GOT THAT RIGHT!
CHINA’S DIGITAL STRATEGY IS THE THREAT BALLOONS & TIKTOK ARE TACTICS
CISA’s Todt, in foreword to new book, cites need for industry incentives and strengthened partnerships
FIXING AMERICAN CYBERSECURITY WITH A STRATEGIC PARTNERSHIP AND TOOL-KITS
INTERNET SECURITY ALLIANCE TOP 25 HIGHLIGHTS OF 2022
THE INTERNET SECURITY ALLIANCE (ISA)
MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles
As cyber attacks increase, here’s how CEOs can improve cyber resilience
ISA PROPOSAL FOR A VIRTUAL CYBERSECURITY NATIONAL SERVICE ACADEMY
TOP TEN REASONS FOR A VIRTUAL CYBERSECURITY SERVICE ACADEMY (Part 1)
THE CASE FOR A NATIONAL CYBERSECURITY ACADEMY, PART 2
THE CASE FOR A NATIONAL CYBERSECURITY ACADEMY, PART 1: A NATIONAL DEFENSE IMPERATIVE
IT IS TIME FOR A NATIONAL CYBER SERVICES ACADEMY
INGLIS PROPOSES CYBER SOCIAL CONTRACT: GREAT IDEA! NOW LET’S TALK TERMS
Regulation of Cybersecurity Has Been Tried and It Doesn’t Work
Playoffs Time: What Can Cyber Policymakers Learn from the NFL?
New Year’s Cyber Resolution: Modernize Cyber Law Enforcement
New Year’s Cyber Policy Resolution #1: Get Serious About Workforce Development
A NEW YEAR’S CYBER RESOLUTION: LET’S START TALKING ABOUT THINGS THAT REALLY MATTER
The Coronavirus Pandemic Has Created Novel Cybersecurity Challenges — But It May Also Give Us a Solution to the Cybersecurity Workforce Problem
Coronavirus Creates New Insider Cyber Threat and How to Treat It
ISA Board of Directors Offers Cybersecurity Best Practices for COVID-19 Crisis
Top Ten Reasons Why Cybersecurity Is Like Coronavirus
Cyber Principle Two for Boards: Know Your Legal Obligations
The First Principle of Cybersecurity — It’s Not an “IT” Issue
WHAT I HEARD AT THE G-20 CYBERSECURITY DIALOGUE THIS WEEK
What I’ll Tell the G20 Cybersecurity Dialogue Meeting in Riyadh Today
Solarium Commission Off to a Good Start: What’s Next (Part II)
ISA: Solarium Commission is Off to a Good Start, Now What?
Global Consensus of Industry to Address Cyber Reaches Asia, Is Government Far Behind?
U.S., German, and Latin American Boards and Cybersecurity: Similarities and Differences
WHAT CAN PINK DO FOR CYBER?
SOMETHING TO BE AWARE OF THIS OCTOBER
CYBERSECURITY COMES TO LATIN AMERICA
DHS Taking Steps in the Right Direction on Cyber Risk Management
Mandatory Cybersecurity Training for Congress: What Kind of Training?
Capital One Breach Highlights the Danger of Insider Threats
Accountability in Cybersecurity is a Two-Way Street
Regulators: Don’t Make the Same Cyber Mistakes Over Again
MAN BITES DOG: State Regulators Want Cyber Reg Reform
Brush with Greatness: A Chat with a Man Who May Be the Tipping Point Toward Effective Cybersecurity
Corporate Directors Take the Next Step on Cybersecurity: Where’s Congress?
We Need Sensible Cybersecurity Regulations – More Is Not Necessarily Better
Experts from GE and FIS Help Students Deal with the Inevitable: Cyber Attacks
Cyber Experts Will Help Wharton Students Address the “Most Vexing Challenge”
The EU Privacy Law is Not Working, But Why?
European corporate boards agree to create European adaptation of Cyber-Risk Oversight Handbook
Washington Can Help States Face Cybersecurity Threats by Harmonizing Regulations
Congress Needs Training in Cybersecurity — The Right Kind of Training
U.S.-Japanese Cyber Collaboration Needs to Include the Private Sector
Annual FBI Internet Crime Report Finds $2.7 Billion in Losses in 2018
Should we start regulating cybersecurity in the supply chain? Not so fast.
ISA Top 2018 Highlights
We need a new approach to cyber risk assessment
At DEFCON, DHS Gets it Right on Cyber – We Need to Rethink Incentives
Happy New Year: We Need a New Approach to Cybersecurity
Is it Time to Sunset Cybersecurity Awareness Month?
Enabling better Cybersecurity Information Sharing with Small and Medium-sized Partners
Cybersecurity and the Resilient Mindset
Petya Provides Context for Briefing Council on Foreign Relations
Maintaining Cybersecurity During Mergers & Acquisitions
Board Directors Need to Have Discussions on Which Risks to Avoid, Which Risks to Accept, and Which to Mitigate Through Insurance
Directors Need to Set the Standards and Expectations for Management to Establish Well-Staffed and Well-Funded Cyber-Risk Framework
Boards Need Access to Adequate Cybersecurity Expertise – And Need to Give it Adequate Time on Meeting Agendas
Boards Need to Be Aware of Evolving Cyber-Legal Landscape
HHS Points The Way Forward For Improved Cybersecurity
Cybersecurity Principle Number 1 for Boards – It’s Not Just About “IT”
Metrics? What Metrics? Finding the Missing Link to the NIST Cybersecurity Framework
Reform the Defense Supply Chain to Face the Realities of Conflict in the Digital Age
Why Isn’t There An Academy Awards Ceremony for Cybersecurity
Seven Basic Cybersecurity Measures As Revealed By Wisdom Of The Crowd
Movement in the Right Direction on Cyber Security
Cybersecurity Takes its Place in the Boardroom
10 Cheap Tricks to Improve Our Cybersecurity: Part I
IMPACT OF BREXIT VOTE ON CYBER SECURITY: Private Sector Needs To Act Responsibly
The Next Administration Needs To Pick Up The Pace
Government Needs To Get Its Own Act Together With Respect To Cybersecurity
Dear Cyber Commission, We Don’t Need a New Plan
Major Indian Trade Group Seeks Alliance with ISA
DHS Under Secretary Spaulding inserts ISA recommendations on cyber risk into new National Infrastructure Protection Plan
White House Releases “Cyber Space Policy Review” — ISA is Most Cited Source
ISA Hosts Conference on Cyber Security at White House Featuring DHS Secretary
ISA takes Lead Role in Construction of NIST Framework
Obama’s Cybersecurity Executive Order 13636
NACD Asks ISA For Best Practices Guide
ISA Criteria For Assessing The Cybersecurity Exec Order
Media Asks ISA To Comment On WH Cyber Order
“Cyber Czar” Praises ISA on Health Care Program
ISA Testimony Leads To Bipartisan Cyber Incentives Effort
ISA Leads Effort W/DHS To “Reboot” Ind-Govt Partership
ISA Briefs FDIC On ISA’s Financial Cyber Risk Program
ISA and Michael Chertoff Keynote World Nuclear Security Event
ISA Briefs Congress On Information Sharing
ISA Briefs NATO Cyber Centre For Excellence
ISA Releases Cyber Supply Chain Roadmap
House GOP Task Force Report On Cybersecurity Adopts ISA Recommend
ISA Hosts White House Event on Cybersecurity And Economy
Transcript: Is The Web Becoming Less Secure? – PBS News Hour