ISA Takes Action

ISA Top 25 Achievements in 2015

 

  1. PricewaterhouseCoopers releases its annual Global Information Security Survey and cites the “Cyber Risk Handbook,” prepared by ISA, AIG & NACD, for having a substantial impact on how corporate boards are now addressing cyber security. PWC reports: “Boards appear to be listening to this guidance (i.e. the NACD Handbook). This year we saw a double-digit uptick in Board participation in most aspects of information security. Respondents said this deepening Board involvement has helped improve cybersecurity practices in numerous ways. It may be no coincidence that, as more Boards participate in cybersecurity budget discussions, we saw a 24% boost in security spending. Other notable outcomes cited by survey respondents include identification of key risks, fostering an organizational culture of security and better alignment of cybersecurity with overall risk management and business goals. Perhaps more than anything, however, Board participation has opened the lines of communication between the cybersecurity function and top executives and directors.”
  1. ISA-supported legislation on information sharing passed the House and Senate and is included in “must pass” omnibus spending now pending before Congress. The President has said he will sign the legislation, which follows the “Social Contract” model first pioneered by ISA in 2008 that replaces government mandates with market incentives, in this case liability benefits, to promote improved cyber security.
  1. ISA President Larry Clinton is identified as one of the 100 most influential people in the field of corporate governance by the National Association of Corporate Directors. ISA is the first organization focused on cyber security ever to have received this honor from the NACD.
  1. ISA launched an initiative to develop the ISA Social Contract 3.0, which will provide cybersecurity thought leadership for the incoming 2016 administration. The focus of the book is to have each of the 11 sectors represented on the ISA board create a chapter that answers the question: If you had 10 minutes to advise the new President on cyber security specific to your sector, what would you say? A second section dealing with transcending issues will include chapters on corporate boards, auditing, privacy, public-private partnerships and international issues.
  1. In partnership with the world’s second largest law firm, DLA Piper, ISA launched the CyberTrak service. CyberTrak, a one-stop-shop for cyber security laws and regulations for 23 key markets around the world, was designed by the ISA board to lower costs for multi-jurisdictional companies in complying with cyber regulations. The service is free to ISA sponsors and will be sold to non-sponsors for a $25,000 subscription. Following its launch, the Washington Post published a feature article exclusively on CyberTrak that detailed its benefits and the need for a service that simplifies compliance in today’s overly complicated global market. CyberTrak was featured at RSA 2015 during a panel on Cybersecurity Laws and Regulations from around the world featuring ISA President Larry Clinton. ISA launched work to map the laws and regulations included in CyberTrak to international standards including ISO 27001 and NIST. This mapping also includes a gap analysis indicating when compliance with ISO either falls short of, or goes above and beyond, compliance with international regulations.
  1. The National Association of Corporate Directors (NACD) requests that ISA develop a certificate-generating training program for corporate boards based on the Principles outlined in the Handbook for Corporate Directors ISA created for NACD in 2014. ISA Board meets privately with NACD CEO Ken Daly, who thanked and congratulated the ISA board on the work it is doing to raise cyber security issues to the board level and commented that ISA was NACD’s “go to” organization for cyber security. The first training program will be June 9 in Chicago.
  1. ISA fills two of ten spots on an elite working group organized by former RSA CEO Art Coviello charged with reimagining privacy and security to bridge the gap between the two communities on public policy. In addition to ISA President Larry Clinton and ISA board Vice Chair JR Williamson, the other members of the panel are: Admiral Mike McConnell, Former Director of National Intelligence; Robert Mueller, Former Director, Federal Bureau of Investigation (FBI); Michael Chertoff, Former Secretary, Department of Homeland Security (DHS); Stewart Baker, Former General Counsel, National Security Agency (NSA); Art Coviello, Former Chairman, RSA; Nuala O’Connor, President & CEO, Center for Democracy and Technology; Trevor Hughes, President and CEO, International Association of Privacy Professionals (IAPP); Ann Cavoukian, Former Information and Privacy Commissioner for the Canadian Province of Ontario.
  1. ISA launches its European affiliate, the Internet Security Alliance For Europe (ISAFE). Former Vodafone Global Security Director Richard Knowlton agrees to lead the effort. ISAFE has already launched a daily brief modeled on the ISA version, engaged the EU version of the NACD to develop an EU version of the Corporate Directors Cyber Risk Handbook, and engaged literally dozens of prospective EU-based companies supporting the Cyber Security Social Contract as the model the EU ought to move toward.
  1. Center for Audit Quality (board consisting of the CEOs of the major audit firms) joins the ISA as a sponsor. CAQ joins ISA specifically to work collaboratively on how the audit process ought to be refined to make it more appropriate to the digital age than the current finance-based “check the box” model.
  1. ISA attends President Obama’s Cyber Security Summit in Palo Alto, CA.
  1. DHS and the Partnership for Critical Infrastructure (PCIS) agree to a Memo of Understanding including a series of best practices for operating partnership programs. The best practices were developed based on work led by ISA through its Chairmanship of the IT Sector Coordinating Council and proposed by ISA President Clinton to the PCIS, which has endorsed them on behalf of all 11 critical industry sectors.
  1. ISA delivers the industry keynote at the first meeting of the Cybersecurity Forum for Independent and Executive Branch Regulators, consisting of the SEC, FTC, FCC, NRC, FRB, NAIC, FERC, Federal Financial Institutions Examination Council (FFIEC) and the Financial and Banking Information Infrastructure Committee (FBIIC). ISA was asked to present on cyber risk oversight as a board room issue and to address the lack of incentives for adopting best practices for increasing security called for in the president’s executive order. Following the keynote, Barry Westreich, Staff Director for the Federal Interagency Cybersecurity Forum, met privately with the ISA board to discuss the Interagency Forum’s plans and solicit ISA board thoughts for how they ought to proceed. ISA President Clinton then met privately with Admiral David Simpson, Chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau, to discuss the FCC’s involvement and priorities in the Regulator’s Forum.
  1. DHS asks ISA to present the industry keynote at the first Information Sharing and Analysis Organization (ISAO) public meeting following the release of EO 13691 on Information Sharing. The EO was built on the foundational principles laid out in the Social Contract 2.0 published in 2009, where ISA called on the administration to rethink the sector-based model for information sharing. White House senior advisor for cyber security Ari Schwartz then briefed the ISA board of directors privately, discussing the ISAO initiative and the need for increased law enforcement on cyber security.
  1. ISA President Larry Clinton is designated as the working group leader for the Washington Board of Trade conference session on cyber security for Corporate Directors. The working group session focused on a voluntary, principles-based framework for corporate board-level cyber-risk oversight.
  1. ISA President Larry Clinton invited to testify before the House Science, Space, and Technology Committee on what the government can learn from the private sector regarding managing cyber breaches.
  1. ISA met privately with Chairman of the Senate Homeland Security Committee Ron Johnson, wherein he supported an ISA amendment on incentives to the Cybersecurity Information Sharing Act (CISA). Following the passage in the Senate of CISA, which follows the ISA incentive model, the ISA board met privately with House Homeland Security Chairman Mike McCaul to discuss strategy for moving CISA legislation through conference committee.
  1. White House Administration National Security Council staff holds a private briefing for ISA on the President’s upcoming initiatives in Cybersecurity, Executive Order 13691. ISA was able to provide membership with the details of the Executive Order a full month before the Administration was due to release it publicly.
  1. ISA Chaired the Communications Security, Reliability and Interoperability Council’s (CSRIC) Working Group 4 Report on barriers and incentives for implementing the NIST Framework. The ISA-drafted report was submitted to the FCC, where it received high praise from FCC Commissioner Wheeler and the Communications Sector as a whole.
  1. ISA keynotes NIST Framework anniversary event at the National Press Club alongside Senator Ron Johnson, where ISA discussed the work that has been done with the NIST Framework since its release and what work, particularly on incentives, still needs to be accomplished by the government.
  1. ISA board meets with NIST Framework staff to provide ISA input on what NIST should do at this stage of the Framework. NIST released a draft of a Request for Information, including ISA input, in December.
  1. ISA Chairman (GE) Tim McKnight, President Larry Clinton, ISA Director (Vodafone) Richard Knowlton and ISA Director (Verizon) Marc Sachs were featured speakers at the National Association of Corporate Directors (NACD) Global Cyber Event in Washington, which featured the Cyber Security Handbook prepared by the ISA board of directors.
  1. ISA meets at the White House with staff of US Trade Representative established under Presidential Executive Order, which seeks ISA’s help fighting intellectual property theft from nation states. ISA is able to provide multiple useful pieces of evidence to assist the effort. ISA board meets with representatives of the US Trade Representative office to discuss implementation of President’s Executive Order focused on stopping nation-state-based cyber-attacks that steal private IP.
  1. Centene Corporation, Starbucks, Ernst and Young, Utilidata, and the Center for Audit Quality join the ISA Board.
  1. ISA met privately with key national policy makers including: White House Cybersecurity Coordinator Michael Daniel; House Armed Services Subcommittee on Emerging Threats Chair Joe Wilson; Assistant Secretary for Cybersecurity at DHS Dr. Andy Ozment; House Science, Space and Technology Committee Chair Lamar Smith; House Homeland Subcommittee on IT Chair Will Hurd; House Homeland Subcommittee on Cybersecurity Chair John Ratcliffe.
  1. As part of its outreach, ISA participated in events including: International Security Management Association (ISMA) conference in Paris; RSA panel on insurance and streamlining regulatory compliance practices; RSA Panel on Cybersecurity Laws and Regulations from around the world; NY Stock Exchange conference on cyber security and corporate board; keynote address for the Open Group Annual conference in Baltimore, Maryland; keynote at US Northern Command Conference in New Orleans; Larry Clinton was the featured speaker at the inaugural meeting of the Rhode Island Cyber Security Commission, chaired by ISA Board member Scott DePasquale; National Association of Corporate Directors (NACD) Strategy and Risk Forum in San Diego on the cyber threat; NYU conference on international risk; Larry Clinton represented the private sector in a speech to the annual DHS IT/Communications “Quad Meeting” focused on cyber resilience; keynote address during the American Bankers Association Webinar on Cyber Risk Oversight; keynote address at the Public Health Information (PHI) Forum summit in Anaheim, California; keynote at Deloitte’s Enterprise Cyber Risk conference in Mexico City.

Press coverage featuring ISA included: a BBC interview immediately following President Obama’s State of the Union address to discuss the president’s initiatives on cybersecurity; Politico; USA Today; Washington Post; NBC; CNN; CBS; Inside Cybersecurity.
