Top 25 ISA Accomplishments in 2014

Top 25 ISA Highlights 2014

• ISA Board approves new 3-year business plan (2014-2016) establishing new projects to fulfill organizational goals. 1) Create a widely accepted program for cyber security among corporate boards; 2) Maintain and expand public policy in Administration and Congress; 3) Expand international outreach 4) Create “Cyber Trak” product to simplify and reduce corporation’s with legislative and regulatory compliance; 5) Develop tool with CMU to clarify prioritization and cost effectiveness of NIST Framework.

• National Association of Corporate Directors (NACD) and AIG select ISA to create a handbook for corporate cyber security. Three quarters of ISA board collaborate to create the publication

• NACD releases handbook for cyber security practice by corporate boards at its first ever conference devoted exclusively to cyber security. ISA sponsors participate in 4 of 5 panels at NACD conference.

• US Department of Homeland Security endorses the NACD handbook created by ISA making it the first and only private sector publication to be featured on the DHS website

• Institute for International Auditors produces detailed guidance for corporate boards on cyber security based on the 5 Principles detailed in the NACD Handbook ISA prepared.

• Multiple independent organizations endorse the Handbook for Corporate Directors including the US Chamber of Commerce, American Bankers Association and Communications Security, Reliability, and Inoperability Council (CSRIC).

• USA Today publishes guest column by ISA President “Cyber Security in the Boardroom” as part of their special section on cyber security (Sept. 19).

• ISA initiates new program in coordination with Korn Ferry and Vicinage Corp. to increase cyber security expertise on corporate boards.

• President Obama’s senior cyber policy advisor, Michael Daniel, writes to ISA “in recognition of its leadership in the crafting and developing of the President’s Executive Order,” and invites ISA to the White House for the official release of the NIST Framework and discussion of next steps. Mr. Daniel assures that the Administration will seek no new regulatory authority for cyber security and will focus more on the economics of cyber security.

• As follow up, ISA asked to meet privately with senior WH staff Ari Schwartz and Samara Moore at WH Conference Center to discuss Framework and Voluntary Program rollout and work on incentives.

• ISA releases detailed analysis of progress on President’s Executive Order on cyber security. ISA praises the deregulatory approach taken by the President and NIST process but calls for greater work to be done setting clear goals, demonstrating cost effectiveness, systematically testing the Framework and greater attention to sophisticated attacks.

• ISA asked to participate in joint industry government ad hoc working group designed to set goals and expectations for the implementation of the NIST framework. In addition to ISA, representation comes from the White House, DHS, Treasury, DOE, DOD, NIST, FCC as well as industry representatives from US Chamber, ITI, US Telecom, NCTA

• ISA Board approves proposal from Carnegie Mellon University for joint project to assess cost-effectiveness of NIST Framework in a manner consistent with President Obama’s Executive Order on cyber security.

• Partnership for Critical Infrastructure Security (PCIS) — the coordinating body for all 18 critical industry sectors—endorses best practices for managing the public private partnership developed by the ISA led committee under the IT SCC. PCIS agrees to propose these best practices be included in a Memo of Understanding between DHS and PCIS to implement the new National Infrastructure Protection Plan (NIPP)

• DHS accepts ISA crafted, and PCIS endorsed best practices as part of Memo of Understanding for operating the public private partnership under the National Infrastructure Protection Plan

• ISA Chairs Annual meeting of the IT Sector Coordinating Council (IT SCC) and is re-elected to the Executive Committee of the IT SCC

• ISA appointed to Co-Chair for the Federal Communications Commission’s Communications Security Reliability and Interoperability Council (CSRIC) Working Group on Barriers, Challenges and Incentives charged with adapting current telecom cyber security practices to the NIST Framework and creating a new collaborative voluntary model for industry and government.

• Congress approves, and President Signs, several bills that ISA has endorsed on cyber security. Legislation embracing ISA’s liability incentive model to promote information sharing is passed by the House and Senate Committee but doesn’t get through Senate

• ISA board approves business plan for Internet Security Alliance For Europe (ISAFE) as a coalition (launch as an association is planned for Q2 of 2015). Director Knowlton of Vodafone agrees to lead the organization and recruits several prominent EU based companies as prospective members. ISA begins providing its first international service (daily ISAFE bulletin) that now has over 100 subscribers.

• ISA (Knowlton and Clinton) participate in joint EU/US meetings in Brussels to discuss coordinating EU and US approaches on cyber security. ISA commits to provide input to EU officials specifically on improving corporate board and small and mid-sized company cyber security based on ISA publications on these topics. ISA President Clinton and Director Ngyuen of CSG met with Steve Purser of ENISA European Union Network and Information Security Agency in Nice France

• ISA President invited by Council on Foreign Relations to small, salon dinner with Vice Rear Admiral Michael Rogers, head of NSA & US Cyber Command to discuss developing US cyber policy in the wake of the Snowden disclosures.

• ISA signs collaboration agreement with the Cyber Security Council-Germany (CSCG). CSCG sends 11-member delegation to ISA fall board meeting and conducts joint meeting with ISA and DHS Dept. Under Secretary for Cyber Security Phyllis Schneck. ISA President Clinton met with Ambassador Heiamin of the German National Academy for Security Policy and other German officials to discuss greater German-US cooperation on cyber security in Berlin

• The ISA board met with privately with a wide variety of key government officials to help craft cyber security policy including White House senior advisors on cyber security Michael Daniel and Ari Schwartz; US Asst. DHS Deputy Under Secretary for Cyber Security Dr. Phyllis Schneck; Treasury Deputy Secretary charged with cyber security Sarah Bloom Raskin; Asst. Attorney General John Carlin; Department of Energy CIO Robert Brese; Assistant Director FTC Division of Privacy and Information Sharing Mark Eichorn; FBI Deputy Assistant Director Jim Trainor; GSA Senior Cybersecurity Advisor Emile Monette; Two board members Rachel Brand and Beth Cook, the General Council Peter Winn as well as the CIO of the US Privacy and Civil Liberties Oversight Board (USPCLOB); NIST Framework drafting lead Adam Sedgewick and his staff; Jenny Menna DHS Director for public policy integration

• ISA continued to be a leading public voice for an intensified, market driven, enhancement of public and private cyber security including being featured in hundreds of print and radio, TV and Internet media including The Wall street Journal, The Washington Post, USA Today, Congressional Quarterly, Politico, CNBC, CNN, & CNN International