Upload
isalliance
View
217
Download
0
Embed Size (px)
Citation preview
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
1/19
Larry Clinton
President
Internet Security [email protected]
703-907-7028 (O) 202-236-0001 (C)
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
2/19
ISA Board of Directors
Ty Sagalow, Esq. ChairPresident Innovation Division, ZurichTim McKnightSecond V Chair,
CSO, Northrop Grumman
Ken Silva, Immediate Past Chair. CSO VeriSignGen. Charlie Croom (Ret.) VP Cyber Security, Lockheed MartinJeff Brown, CISO/Director IT Infrastructure, RaytheonEric Guerrino, SVP/CIO, bank of New York/Mellon FinancialLawrence Dobranski, Chief Strategic Security, NortelPradeep Khosla, Dean Carnegie Mellon School of ComputerSciences
Joe Buonomo, President, DCRBruno Mahlmann, VP Cyber Security, Perot Systems
J. Michael Hickey, 1st Vice ChairVP Government Affairs, Verizon
Marc-Anthony Signorino, Treas.National Assoc. of Manufacturers
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
3/19
Our Partners
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
4/19
RECENT SUCCESSES
Membership Development---ISA Sponsors(top level70K) increased 33% in past 12months
Alter Public Policy----ISA Social Contractis first document cited by pres. Obama---cites 13 ISA Policy Papers
Program Growth---Supply Chain, RiskManagement, VOIP, Legal Compliance,Education
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
5/19
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
6/19
Internet Security Alliance Priority
Projects
1. Public Policy: The Cyber Security SocialContract: Recommendations to Obama
2. Financial Risk Management of CyberEvents
3. Securing the Globalized IT Supply chain4.
Securing the Unified CommunicationsPlatform
5. Modernizing Law in the Digital Age
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
7/19
Releasing the Cyber Security Social ContractNovember, 2008
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
8/19
Cyber Social Contract
Similar to the agreement that led to publicutility infrastructure dissemination in 20th
century
Infrastructure development through marketincentives
Consumer protection through regulation Gov role to motive is more creative
harder
Industry role is to develop practices andstandards and implement them
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
9/19
President Obamas Report on
Cyber Security (May 30 2009) The United States faces the dual challenge of
maintaining an environment that promotes efficiency,
innovation, economic prosperity, and free trade while
also promoting safety, security, civil liberties, and
privacy rights. (Presidents Cyber Space Policy
Review page iii)
Quoting from Internet Security Alliance CyberSecurity Social Contract: Recommendations to theObama Administration and the 111th Congress
November 2008
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
10/19
President Obamas Report on
Cyber Security (May 30, 2009) The government, working with State and local partners,
should identify procurement strategies that will incentivize
the market to make more secure products and servicesavailable to the public. Additional incentive mechanisms
that the government should explore include adjustments to
liability considerations (reduced liability in exchange forimproved security or increased liability for the
consequences of poor security), indemnification, taxincentives, and new regulatory requirements and
compliance mechanisms. Presidents Cyber Space Policy
Review May 30, 2009 page v
Quoting Internet Security Alliance Cyber Security SocialContract: Recommendations to the Obama Administration
and 111th Congress
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
11/19
Securing The IT Supply ChainIn The Age of Globalization
November, 2007
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
12/19
Securing the IT Supply Chain
The challenge with supply chain attacks is that asophisticated adversary might narrowly focus on
particular systems and make manipulation virtually
impossible to discover. Foreign manufacturing does
present easier opportunities for nation-state
adversaries to subvert products; however, the same
goals could be achieved through the recruitment of
key insiders or other espionage activities. ----
Presidents Cyber Space Policy Review May 30,
2009 page 34
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
13/19
Developing SCAP Automated Security &Assurance for VoIP & Converged Networks
September, 2008
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
14/19
ISA Unified Communications Legal
Compliance Analysis (June 2009)
1.Descibes available UnifiedCommunications (UC) Technologies
2. Describes Security Risks of Deployment
3. Inventory of Laws to be considered predeployment
4. Analysis if ECPA creates a legal barrier to
deployment5 Toolkit for lawyers and clients to assist in
avoiding exposure from deployment
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
15/19
Financial Impact of Cyber RiskOctober, 2008
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
16/19
The need to understand business
economics to address cyber issues If the risks and consequences can be assigned
monetary value, organizations will have greater
ability and incentive to address cybersecurity. In
particular, the private sector often seeks a business
case to justify the resource expenditures needed for
integrating information and communications system
security into corporate risk management and for
engaging partnerships to mitigate collective risk.
Government can assist by considering incentive-
based legislative or regulatory tools to enhance the
value proposition and fostering an environment thatencourages partnership. --- Presidents Cyber
Space Policy Review May 30, 2009 page 18
Fi i l M t f b
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
17/19
Financial Management of cyber
Risk
It is not enough for the information technologyworkforce to understand the importance of
cybersecurity; leaders at all levels of government and
industry need to be able to make business and
investment decisions based on knowledge of risks
and potential impacts. Presidents Cyber Space
Policy Review May 30, 2009 page 15
ISA-ANSI Project on Financial Risk Management ofCyber Events: 50 Questions Every CFO should Ask
----including what they ought to be asking their
General Counsel and outside counsel. Also, HR, Bus
Ops, Public and Investor Communications &
Compliance
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
18/19
ISAs New 3-year Plan
Expand the social contract idea Continue current priorities, financial risk
management, supply chain, VOIP, legal
compliance assistance
New Areas for consideration:Develop International Partnerships
Smart Grid Enterprise Education Program
7/31/2019 2009 09 24 Larry Clinton CIONet Belgium
19/19
ISA CIO-Net Proposal
ISA assists CIO-Net in developing EUversions of ISA Programs (CIO Net paysISA expenses
CIO-Net gets rights to sale and newmembers from ISA-based programs
CIO-Net sponsors ISA at 20% discount CIO-Net members get 20% discount ISA ISA develops new proj w/CIO-Net (e.g.
Enterprise Education and shares revenue)