
Larry Clinton, President, Internet Security Alliance
lclinton@isalliance.org
703-907-7028
202-236-0001

ISA Board of Directors


Ty Sagalow, Board Chair; President Innovation Division Zurich Insurance
Mike Hickey, Board Vice Chair, VP Government Affairs and National Security Verizon Corp.
Ken Silva, Chief Security Officer, VeriSign
Tim McKnight, VP & CSO Northrop Grumman
Jeff Brown, CISO Information Security Raytheon
Charlie Croom, VP Cyber Security Solutions, Lockheed Martin
Eric Guerrino, CIO, Bank of New York/Mellon Financial
Pradeep Khosla, Dean, School of Computer Sciences Carnegie Mellon U
Lawrence Dobranski, Chief Security Manager, Nortel
Mark Antony Signorino, Director of Technology National Association of Manufacturers
Joe Buonomo, President/CEO Direct Computer Resources Inc.

Our Partners

Recent research on cyber security: not too good


29% of senior execs don't know how many cyber events their organizations have suffered
50% of senior execs don't know how much money they have lost from attacks
Only 59% of orgs have an overall security policy
don't know source of security incidents
Only 43% monitor compliance w/security policy
Only 55% use encryption
1/3 don't use firewalls
Only 22% keep an inventory of outside party data use

ISA Mission
Integrate technology with economically practical business considerations and public policy to create a sustainable system of cyber security

2009 ISA Priority Projects


1. Create a Cyber Security Social Contract between business and government to provide market incentives for improved security
2. Develop Best Practices for financial risk management of cyber incidents
3. Create a framework for managing conflicting legal structures and unified communications tech.
4. Develop standards to secure the VOIP platform
5. Framework to secure the IT supply chain

Policy: Social Contract


Recommendations to Obama Administration
Lead Incentives Committee for DHS Cross Sector Cyber Security Working Group
Appointed to GAO Experts Panel to critique the National Strategy to Secure Cyber Space for House Committee on Homeland Security
Adoption of ISA incentive policies by IT and Comm Sector Coordinating Councils
Recommendations to NSC 60-day cyber review

Securing the VOIP Platform


National Institute of Standards & Technology/ISAlliance partner to develop SCAP platform for VoIP
ISA panel presentation at NIST Automated Security Conference:
    John Nagengast, Executive Director, Strategic Initiatives, AT&T
    Ben Halpert, Chief Information Security Officer, Lockheed Martin
    Lawrence Dobranski, Leader, Advanced Security Solutions, Nortel
ISA Open Workshop at NIST Automated Security Conference
ISA Project Management committee formed
Applicability & Baseline Standards work groups formed with Co-Chairs:
    Travis Schack, Director, Threat & Vulnerability Management Program, Colorado
    Greg Pulos, Sr. VoIP Engineer, Department of Commerce
Deliverables will be presented at 2009 NIST Automated Security Conference

20th century laws vs. 21st century technology


Many laws (ECPA, 1986; Computer Fraud and Abuse Act, 1994; CALEA 1996) have laudable goals but don't fit modern technology
E.g. to protect vs. malware in unified communications such as VOIP, packets must be captured, filtered and analyzed, which collides with prohibitions on interception and monitoring
IP telephony = common carrier?
Confusion retards technology and economy
ISA launched study to analyze current laws and recommend how corporations should manage and govt. reform

Financial Management of Cyber Risk


Grows out of 9/11 Commission Report and subsequent legislation
DHS requested ISA and ANSI collaborate
3 conferences, 100 participants from industry, government and academia
Phase I: Publish Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask, Winter 08
Phase II: Kick off w/ANSI NIST 2nd 09

ISA Supply Chain Project


18 months long (start fall 07)
Focus on firmware
Carnegie Mellon University and Center for Cyber Consequences Unit
3 conferences, 100 Gov., Industry and Academic participants
Results are strategy and framework provided to USG for NSC 60-day review of cyber policy
