2009 04 26 Larry Clinton ISA Overview Presentation for Ed Stull


  • 7/31/2019 2009 04 26 Larry Clinton ISA Overview Presentation for Ed Stull

    1/13

    Larry Clinton, President

    Internet Security Alliance

    [email protected]

    202-236-0001

    2/13

    ISA Board of Directors

    Ty Sagalow, Board Chair; President, Innovation Division, Zurich Insurance
    Mike Hickey, Board Vice Chair; VP Government Affairs and National Security, Verizon Corp.
    Ken Silva, Chief Security Officer, VeriSign
    Tim McKnight, VP & CSO, Northrop Grumman
    Jeff Brown, CISO Information Security, Raytheon
    Charlie Croom, VP Cyber Security Solutions, Lockheed Martin
    Eric Guerrino, CIO, Bank of New York/Mellon Financial
    Pradeep Khosla, Dean, School of Computer Sciences, Carnegie Mellon U
    Lawrence Dobranski, Chief Security Manager, Nortel
    Mark Antony Signorino, Director of Technology, National Association of Manufacturers
    Joe Buonomo, President/CEO, Direct Computer Resources Inc.


    3/13

    Our Partners

    4/13

    Recent research on cyber security: not too good

    29% of senior execs don't know how many cyber events their organizations have suffered
    50% of senior execs don't know how much money they have lost from attacks
    Only 59% of orgs have an overall security policy
    Don't know source of security incidents
    Only 43% monitor compliance with security policy
    Only 55% use encryption
    1/3 don't use firewalls
    Only 22% keep an inventory of outside party data use

    5/13

    ISA Mission

    Integrate technology with economically practical business considerations and public policy to create a sustainable system of cyber security


    6/13

    7/13

    2009 ISA Priority Projects

    1. Create a Cyber Security Social Contract between business and government to provide market incentives for improved security
    2. Develop Best Practices for financial risk management of cyber incidents
    3. Create a framework for managing conflicting legal structures and unified communications tech.
    4. Develop standards to secure the VOIP platform
    5. Framework to secure the IT supply chain

    8/13

    Policy: Social Contract

    Recommendations to Obama Administration
    Lead Incentives Committee for DHS Cross Sector Cyber Security Working Group
    Appointed to GAO Experts Panel to critique the National Strategy to Secure Cyber Space for House Committee on Homeland Security
    Adoption of ISA incentive policies by IT and Comm Sector Coordinating Councils
    Recommendations to NSC 60-day cyber review

    9/13

    Securing the VOIP Platform

    National Institute of Standards & Technology/ISAlliance partner to develop SCAP platform for VoIP
    ISA panel presentation at NIST Automated Security Conference: John Nagengast, Executive Director, Strategic Initiatives, AT&T; Ben Halpert, Chief Information Security Officer, Lockheed Martin; Lawrence Dobranski, Leader, Advanced Security Solutions, Nortel
    ISA Open Workshop at NIST Automated Security Conference
    ISA Project Management committee formed
    Applicability & Baseline Standards work groups formed with Co-Chairs Travis Schack, Director, Threat & Vulnerability Management Program, Colorado; Greg Pulos, Sr. VoIP Engineer, Department of Commerce
    Deliverables will be presented at 2009 NIST Automated Security Conference

    10/13

    20th century laws vs. 21st century technology

    Many laws (ECPA, 1986; Computer Fraud and Abuse Act, 1994; CALEA 1996) have laudable goals but don't fit modern technology
    E.g. to protect vs. malware in unified communications such as VOIP, packets must be captured, filtered and analyzed, which collides with prohibitions on interception and monitoring
    IP telephony = common carrier?
    Confusion retards technology and economy
    ISA launched study to analyze current laws and recommend how corporations should manage and govt. reform

    11/13

    Financial Management of Cyber Risk

    Grows out of 9/11 Commission Report and subsequent legislation
    DHS requested ISA and ANSI collaborate
    3 conferences, 100 participants from industry, government and academia
    Phase I: Publish Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask, Winter 08
    Phase II kick-off w/ANSI NIST 2nd 09

    12/13

    ISA Supply Chain Project

    18 months long (start fall 07)
    Focus on firmware
    Carnegie Mellon University and Center for Cyber Consequences Unit
    3 conferences, 100 Gov., Industry and Academic participants
    Results are strategy and framework provided to USG for NSC 60-day review of cyber policy

    13/13

    Larry Clinton, President

    Internet Security Alliance

    [email protected]

    202-236-0001