“Every company has embraced and realized the benefits of digitization, but have they calculated the risks along the way? Increasingly, security is becoming a top-of-mind topic among corporate leadership and ISA and ANSI have produced a document that cannot be ignored.”
- Melissa Hathaway, National Security Council Acting Director for Cyberspace for the Bush and Obama Administrations.
AN ENTERPRISE-WIDE APPROACH
ISA has always believed that cyber security is more than just an IT issue – it’s an enterprise-wide risk management issue.
ISA launched its effort to integrate business economics into cyber risk management in 2006 through its Financial Management of Cyber Risk Program, which led to the publication of “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask.”
Since then, ISA has continued to develop its enterprise-wide approach to cyber security with publications such as “The Financial Management of Cyber Risk: An Implementation Framework for CFOs,” and “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.”
Independent research by firms such as PricewaterhouseCoopers and others has been demonstrating a steady movement in the direction ISA has been advocating.
ISA is presently continuing this program with a nationwide series of workshops analyzing the evolution of cyber risk management in the defense industrial base, the IT industry and the financial services industry.
Additionally, ISA publications are now in use at major universities including Harvard, Loyola and the University of South Carolina. They are also being used by major accounting and auditing organizations to assist organizations in improving their financial analysis of cyber risk and in response to the U.S. Securities and Exchange Commission’s (SEC’s) advisory on cyber threats.