There are innumerable challenges that organizations face, starting with the sheer speed of the environment. The technology changes quickly, and the attacker community is so large, sophisticated, and well-financed (including nation-states) that the defending community is often overwhelmed. Add to this the fact that the cybersecurity space is relatively new, and security was not a major consideration when the Internet was designed, so it is inherently vulnerable to attack – and getting more vulnerable all the time. Plus, government has not figured out how to properly integrate with the private sector to develop a collective defense model.

The Internet Security Alliance (ISA) addresses this by providing thought leadership – e.g., explaining the above and then designing policies and practices to address it. “The best known of the ISA’s efforts are our cyber risk handbooks for corporate boards. We have produced these handbooks in 5 languages, and they are available (free of charge) in 5 languages on 4 continents,” says Larry Clinton, President, ISA. They have been embraced by governments such as the US, Germany, and the Organization of American States, and by organizations representing corporate boards, including the US National Association of Corporate Directors, the European Conference of Director Organizations, and the Japanese Business Federation. The ISA handbooks are the only set of best practices that have been independently assessed (by PwC) and found to generate improved security.

ISA was founded in 2000, when most people thought the Internet was secure. ISA was a partnership with Carnegie Mellon University and was the first entity to provide detailed vulnerability, threat, and mitigation advice to the private sector (before ISA, only the US federal government received that information). After the attacks of 9-11 in the US and the creation of DHS, the federal government took over the exclusive contract ISA had with CMU, and ISA transformed into its current model as a trade association with the mission to integrate advanced technology with economics and public policy to create a sustainably secure cyber system.

ISA’s by-laws were altered in 2006 to limit the board of directors to 25 senior people from major corporations and to represent the most senior individuals addressing cybersecurity in all critical infrastructures. Today ISA’s board has not only the “usual suspect” industries represented (e.g., IT, telecom, defense, utilities, and financial services) but also agriculture, manufacturing, media, and education. ISA is unique in its worldwide footprint and high-level board expertise. ISA has continually broadened the understanding of the nature of the cyber threat, has had its public policies reflected in the US by both the Republican and Democratic parties, and has built international collaborations such as those listed above and with organizations like the World Economic Forum. This year, the ISA, the Forum, and the National Association of Corporate Directors developed the first set of international consensus principles for cyber risk oversight. The three entities are now developing sophisticated methodologies to create the first empirical methods to test best practices and standards against widely understood security outcomes.

It is pertinent to mention that ISA is focused on cyber education. “We simply don’t have enough cybersecurity people, and we need to have the next generation educated about the issue in a modern and productive way,” says Clinton. “Thus, we are taking the materials we have developed over the past few years targeting boards of directors and developing a set of materials for the management level that essentially tells management what their roles need to be, given that their boards are adopting the strategic enterprise model we have advocated. This will entail several major modifications.” ISA is also creating methods to assess cyber program effectiveness – surprisingly, the field doesn’t have a methodology to test cyber effectiveness. “On the public policy side, we are working to develop market incentives to address the gap between industry – which makes security investments on a fairly risk-tolerant commercial basis – and government, which is less risk tolerant as it has national security issues and privacy issues and government services that are not cost-based to provide,” adds Clinton.


The Internet Security Alliance (ISAlliance) was created to provide a forum for information sharing and thought leadership on information security issues. The ISAlliance represents corporate security interests before legislators and regulators. In so doing, the alliance aims to identify and standardize best practices in Internet security and network survivability, while creating a collaborative environment to develop and implement information security solutions.