Enterprise Integration Program

The ISAlliance Integrated Security Services Program
 

Compliance can no longer be viewed in isolation. As a result, ISAlliance is providing its members with exclusive reports and seminars that integrate the legal, operational, technical, and policy dimensions of the topics below.

Pictured above with ISAlliance Treasurer Dr. Vidyasagar, Tata EVP (far right), are two of the lead contributors in this program: Jody Westby, CEO of Global Cyber Risk (center), and Rhonda MacLean, CEO of MacLean Risk Partners [both contributors are Distinguished Fellows at Carnegie Mellon University].

The Enterprise Integration Program is a vehicle to break down intra-organizational and professional discipline barriers to increasing security and revenue growth. 

The ISAlliance provides quarterly reports on the following compliance topics:

  1. Outsourcing Risk Management (November 2006) 
  2. Electronic Discovery (February 2007)
  3. Security Breach Notification (July/August 2007)
  4. Privacy (January 2008)
  5. Auditing (TBA)
  6. Security Incident Handling (TBA)

In addition to the comprehensive reports, each topic is supported via a webinar series that explores each of the four perspectives separately.

In 2007-08, the EIP will also address the following topics:

  1. Governance:  Boards of directors, officers, and senior management must now assume a more central role in the development and maintenance of their privacy and security programs.  Their responsibility for oversight in these areas has grown with increased awareness of business continuity, a rise in economic espionage, and increased reputational risks associated with security breaches and notification requirements. This Alert will focus on the role and fiduciary responsibilities of personnel in governance positions over privacy/security and the technical tools that can assist with oversight functions and decision-making.  It will leverage operational/policy resources from the Tepper School of Business. 
  2. Economic Espionage: Today, cyber security attacks are more sophisticated and are increasingly targeted at confidential and proprietary information.  Prosecution under the Economic Espionage Act of 1996 (EEA) is dependent upon certain protective actions having been taken prior to the information being stolen or breached. These actions must be reflected in an organization’s policies and procedures.  The detection and prevention of digital economic espionage can be greatly enhanced through the use of certain technologies.  This Alert will discuss the legal thresholds of the EEA, important policies and procedures, and technical tools.
  3. Employee Monitoring:  Monitoring employee use of IT resources for compliance with policies and procedures and detection of privacy/security breaches is becoming increasingly important, but it is also fraught with legal considerations.  Some jurisdictions restrict employee monitoring or require clear consent.  Labor contracts may also prohibit the surveillance of workers.  These legal considerations impact which technical solutions may be deployed as well as organizational policies and procedures. Indeed, some technical solutions may, through their use, increase an organization’s risk instead of mitigating it.  This Alert will explore the legal issues associated with employee monitoring, technical solutions and pitfalls, and operational/policy considerations.

 

 

 

 
