Larry Clinton

President and Chief Executive Officer, Internet Security Alliance - ISA

VITA
LARRY CLINTON
INTERNET SECURITY ALLIANCE

CURRENT EMPLOYMENT
President/CEO Internet Security Alliance (2002-Present)
Leads a diverse board of directors consisting of 20 senior cyber practitioners (typically CISO/CIO) representing nearly every critical industry sector toward ISA’s mission. ISA’s Mission is to integrate advanced technology with economics and public policy to help build a sustainable system of cybersecurity. ISA pursues 3 major goals: 1) to promote thought leadership on cybersecurity; 2) to advocate for public policy that will help build a sustainably secure cyber system; and 3) to promote the use of effective standards and practices for cybersecurity. Sectors represented on the ISA board include agriculture, audit, banking, communications, defense, education, financial services, healthcare, insurance, manufacturing, media, retail, software development, technology, and utilities.

PARTNERSHIP ACTIVITIES AND ASSOCIATIONS (Private Sector)

RESILIENT INVESTMENT PLANNING AND DEVELOPMENT WORKING GROUP

Mr. Clinton was invited to join the working group, to participate as a Subject Matter Expert (SME) in August 2021. As an SME, Mr. Clinton provides expertise, insight, and information, supporting the task group’s efforts to enhance infrastructure resilience at all levels. The working group is chartered under the Critical Infrastructure Partnership Advisory Council (CIPAC).

IT SECTOR COORDINATING COUNCIL

ISA is a charter member of the IT SCC. Mr. Clinton has been an active participant since the SCC’s inception including 10 years on the Executive Committee and 7 terms as an Officer -- 2 Terms as Chair (term limited) 2 terms as Vice Chair (term limited) 3 terms as Treasurer.

COMMUNICATIONS SECTOR COORDINATING COUNCIL

ISA has also been a member of the Comms SCC since its inception and continues active involvement although not to the extent of the IT SCC.

CROSS SECTOR COUNCIL (formally known as the Partnership for Critical Infrastructure Security)

Served on the council as Chair and Vice chair of the IT SCC for 4 years.

CARNIGIE MELLON UNIVERSITY

Mr. Clinton holds a certification from Carnegie Mellon in Cybersecurity Risk Management.

NATIONAL ASSOCIATION OF CORPORATE DIRECTORS (NACD)

Mr. Clinton is an NACD Fellow, and regularly teaches Master Classes in cybersecurity for NACD. ISA and NACD have co-produced 5 conferences (both US and international) specifically on cybersecurity for corporate boards. Since 2014 ISA has co-produced with NACD 3 editions of the Cyber Risk Handbook for Directors which is one of NACD’s most popular publications as well as numerous other educational activities some of which are outlined below.

WORLD ECONOMIC FORUM (WEF) /NACD COLLABORATION

Operating under a 2020 MOU, ISA NACD and WEF have created a formal collaboration focused on enhancing cybersecurity at senior management and board levels of industry.

The collaboration has identified two initial projects. First, the three organizations have created a set of consensus global principles for boards of directors to follow in pursuing their responsibilities for effective cyber risk oversight. Second, the organizations are collaborating on developing methodologies to empirically measure the impact of the designated best practices for cyber scrutiny in generating security outcomes such as improved risk management, better alignment between cybersecurity and business goals, improved budgeting for cyber risk management, better communication between board and management and creating a culture of security.

CENTER FOR AUDIT QUALITY (CAQ)

Mr. Clinton serves on CAQ’s Cybersecurity Action Panel (CAP) which advises CAQ and the AICPPA on effective cybersecurity auditing procedures.

ASSOCIATON OF GOVERNING BOARDS (AGB)

AGB represents the governing entities for US colleges and universities (Boards of Governors/Foundations/Executive Leadership). ISA works with AGB on defining best practices for cybersecurity for college and university leadership and also on creating a textbook which will adapt the board level principles for leadership on cybersecurity into a management level course on creating an enterprise-wide risk management approach to cybersecurity.

WHARTON SCHOOL, UNIVERSITY OF PENNSYLVANIA

For the past several years the ISA “team-teaches” a course in cybersecurity as part of the Stonier Graduate Program in Executive Education. ISA President Clinton and a group of ISA Board members teach the course which covers the evolving threat of cyber-attacks and enterprise best practices used by ISA companies to address these threats.

CYBERSECURITY COUNCIL OF GERMANY (CSCG)

ISA works in collaboration with CSCG on a range of projects including an adaptation of the ISA’s Social Contract model for Germany and an adaptation of the ISA-NACD Cyber Risk handbook for Germany (also in collaboration with BSI – see below).

EUROPEAN CONFERATION OF DIRECTORS ASSOCIATIONS (ecoDa)

ISA conducts workshops for ecoDa and ecoDa member organizations on cybersecurity and has collaborated on a pan-European version of the Cyber Risk Handbook.

JAPANESE BUSINESS FEDERATON

ISA collaborated on developing a cyber risk handbook for the Japanese market.

PARTNERSHIP ACTIVTIES AND ASSOCIATIONS (Government)

US Department of Homeland Security (DHS)

In addition to normal government industry collaboration, DHS has partnered with ISA on all three editions of the Cyber Risk Handbooks for corporate boards by providing a chapter on what industry should expect from government on cybersecurity. For the 2020 edition National Risk Management Center Director Kolasky authored the Forward. DHS and ISA also co-sponsored a panel at the RSA 2020 conference in San Francisco.

US DEPARTMENT OF JUSTICE

DOJ has provided a chapter for the 2017 and 2020 editions of the Cyber Risk Handbook on cybersecurity law enforcement services available to the private sector

German Federal Office of Information Security (BSI)

BSI collaborated with ISA on workshops in Germany on cyber risk oversight from the board level. Also collaborated with ISA and CSCG in developing a German language adaptation of the Cyber Risk Handbook produced by ISA and NACD. BSI Director Arne Shoenbohm personally participated in the events and provided the Forward for that publication which BSI distributes throughout Germany. Director Shoenbohm meets regularly with ISA during annual visits to the USA and Mr. Clinton does the same with BSI on trips to Europe.

ORGANIZATION OF AMERICAN STATES (OAS)

ISA and OAS collaborated on a series of in-region and web-based workshops on cyber risk management. Hundreds of Latin American based cybersecurity practitioners, academics, government officials and board members participated in the workshops and/or supplied written comments to drafts. The Result was a region-wide Cyber Risk handbook adapted specifically to the Latin American nations and culture distributed by OAS in English, Spanish and Portuguese.

SOCIAL MEDIA: THE #RETHINKCYBERSECUIRTY CAMPAIGN

In November 2020 ISA launched a national conversation built around the need to vastly upgrade the public and private sector efforts on cybersecurity. Since then, roughly 3,000 cyber practitioners, policy makers and academics have signed up to join ISA’s RE-Think Cybersecurity campaign - nearly 1,000 per month -- to find more effective ways to address this critical issue.

BOOKS

The Cybersecurity Social Contract, Internet Security Alliance 17 chapters/ 257 pages/ 24 authors Amazon: 2016). Edited by Larry Clinton and David Perera ABSTRACT: Book suggests the need for a theory of cyber security policy to guide effective action. Proposes building a cyber theory based on the “Economic Social Contract” which created the modern public utility model in the US and outlines specific policy options to adapt this theory to cybersecurity. Successive chapters, written by cyber practitioners, discusses how this theory and policies can be applied in the defense, healthcare, banking, utilities IT, telecommunications, education, manufacturing, and agriculture. Also includes chapters on privacy, corporate structure, board oversight, and improving the public private partnership.

CHAPTERS IN BOOKS

“The Evolving Cybersecurity Threat and an Architecture for Addressing It” by Larry Clinton Navigating the Digital Age p37-43. Matt Rosenquist, Editor. Claxton Business and Legal, 2015

“A Cybersecurity Action Plan for Corporate Bords” by Larry Clinton and Ken Daly Navigating the Digital Age, p 65-71. Matt Rosenquist, Editor. Claxton Business and Legal, 2015
ARTICLES IN PROFESSIONAL JOURNALS

“What Are You Afraid of? Roles and Responsibilities in the Public Private Partnership to Secure Cyberspace” by Larry Clinton Cutter IT Executive Update Vo. 2 No 15-p.1-5 Cutter Consortium 2005

“Governance in the Age of IT” by Larry Clinton Cutter IT Journal of Information Technology Management Vol 18 NO 9 Cutter Consortium September 2005 P 13-19

“Insuring IT Security Without Regulation” by Larry Clinton Cutter IT Executive Update Vo. 3 No, 24 p.1-5 Cutter Consortium 2006

“Improving Security and Revenue Through Corporate Structure” by Larry Clinton Cutter IT Executive Update Vo. 3 No, 23 p.1-4 Cutter Consortium 2006

“Securing Cyberspace: Is it Time to Rethink our Strategy” by Larry Clinton Cutter IT Journal of Information Technology Management Vol 19 No. 1 January 2006 Cutter Consortium P3-5 (Larry Clinton Guest Editor)

“Securing Cyberspace: Exactly What Should We be Doing” by Larry Clinton Cutter IT Journal of Information Technology Management Vol 19 No. 5 May 2006 Cutter Consortium p 1-5 (Larry Clinton Guest Editor)

“Education’s Critical Role in Cybersecurity” by Larry Clinton Educause Review Vol 44 No 5 September -October 2009 EDUCAUSE Review p.60-62

“One Side Now: The Need to Adopt a Business Systems Approach to Cloud Security” by Larry Clinton Journal of Software Technology Vol 14 No 4 2011 DCS p 36-38

“A Relationship on the Rocks the Public Private Partnership for Cyber Defense” by Larry Clinton Journal of Strategic Security Vol 2 No4 Winter 2011

“A Theory to Guide US Cybersecurity Policy” by Larry Clinton Cutter IT Journal of Information Technology Management Vol 24 No. 5 May 2011 Cutter Consortium p 30-35

“Best Practices for Operating Public Private partnerships in Cyber Security by Larry Clinton Journal of Strategic Security Vol 8 No4 Winter 2015

"International Principles for Boards of Directors and Cybersecurity," by Larry Clinton Cyber Security: A Peer Reviewed Journal, March 2021 (Expected)

ARTICLES IN GENERAL AND BUSINESS PRESS

“On the Record” by Larry Clinton Government Executive Magazine September 2003 P 84
“Waking the Castle” by Larry Clinton Business Management Magazine Spring 2004 P 51-52

“Can Congress Mandate Cybersecurity” Business Management Magazine Fall 2005 P 160

“Cybersecurity in the Board Room” by Larry Clinton April 19, 2014 USA Today

“Revolutions in Business; Cybersecurity is not just an IT Issue” by Larry Clinton, USA Today (April 2020)

TESTIMONY BEFORE GOVERNMENT BODIES
• 2003-10-23 Buenos Aries Argentina Organization of American States (OSA) Conference on Cybersecurity “What 9/11 Teaches Us About Information Sharing and Cybersecurity. Larry Clinton, President Internet Security Alliance (trip sponsored by US State Dept.)
• 2004-04-21 House Subcommittee on Technology, Information Policy, Intergovernmental Relations “Protecting Our Nation's Cyber Space: Educational Awareness for the Cyber Citizen,” Larry Clinton, President, Internet Security Alliance (ISA)
• 2006-09-13 Subcommittee on Telecommunications and the Internet “Cybersecurity: Protecting America's Critical Infrastructure, Economy, and Consumers,” Larry Clinton, President ISA
• 2007-10-31 House Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, “Enhancing and Implementing the Cybersecurity Elements of the Sector Specific Plans,” Larry Clinton, President, ISA
• 2008 -11-10 NATO Center for Cyber Excellence, Turin Estonia “The Cyber Security Social Contract” A theoretical Model for Cybersecurity,” Larry Clinton President ISA (trip sponsored by US State Department)
• 2009-05-01 House Subcommittee on Communications, Technology and Internet
Cybersecurity: “Network Threats and Policy Challenges,” Larry Clinton, President, ISA
• 2009-11-17 United States Senate Judiciary Committee, “Cybersecurity and the Advanced Threat, “Larry Clinton, President, ISA
• 2011-06-24 House Homeland Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, “Examining the Impact of the Obama Administration’s Cybersecurity Proposal,” Larry Clinton, President, ISA
• 2012-02-08 House Subcommittee on Communications and Technology Committee on Energy and Commerce, “Cybersecurity: Threats to Communications Networks and Private-Sector Responses,” Larry Clinton, President, ISA
• 2015-07-15 House Subcommittee on Science Oversight, “Developing Effective Metrics for Cybersecurity,” Larry Clinton, President, ISA
• 2016-08-08. House Government Reform Oversight Committee, What Government Can Learn from the Private Sector on Cybersecurity, Larry Clinton, President, ISA
• 2019 -09-27 OAS Conference on Cybersecurity “A Cyber Risk Handbook for Latin American Corporate Boards,” Larry Clinton, President ISA (sponsored by OAS)
• 2020 -2-4 G-20 Committee on Digital Economy, Riyadh Saudi Arabia “Addressing the Economics of Cyber Security,” Larry Clinton, President ISA (sponsored by G-20)

ISA BEST PRACTICES PUBLICATIONS

A COMMONSENSE GUIDE FOR SENIOR MANAGERS Senior Mangers: TOP TEN RECOMMENDED Information SECURITY PRACTICES. ISA July 2002

COMMON SENSE GUIDE TO CYBERSECURITY FOR SMALL BUSINESSES: A 12 STEP PROGRAM FOR INFORMATION SECURITY ISA MARCH 2004 (endorsed by DHS, NAM, ABA, NFIB Staysafeonline)

COMMON SENSE GUIDE TO PREVENTION AND DETECTION OF INSIDER THREATS By Dawn Cappeli ISA and Carnegie Mellon University CyLab 2006

CONTRACTING FOR INFORMATION SECURITY IN COMMERCIAL TRANSACTIONS: AN INTRODUCTORY GUIDE ISA 2007 (sponsored by Information Systems Security Association)

THE FINANCIAL IMPACT OF CYBER RISK: 50 QUESTIONS EVERY CFO SHOULD ASK ABOUT CYBERSECURITY, ISA and The American National Standards Institute –ANSI (2008)

NAVIGATING COMPLIANCE AND SECURITY FOR UNIFIED COMMUNICATIONS, ISA (2009)

THE FINANCIAL MANAGEMENT OF CYBER RISK: AN IMPLEMENTATION FRAMEWORK FOR CFOS ISA and ANSI) (2010)

THE FINANCIAL IMPACT OF BREACHED PROTECTED HEALTH INFORMATION: A BUSINESS CASE FOR ENHANCED PHI SECURITY ISA, ANSI AND SHARED SSESSMENTS (2012)

THE ADVANCED PERSISTENT: PRACTICAL CONTROLS THAT SMALL AND MEDIUM BUSNESS LEADERS SHOULD CONSIDER IMPLEMENTING, ISA 2013

CYBER RISK OVERSIGHT DIRECTOR’S HANDBOOK (first edition) prepared by Larry Clinton
National Association of Corporate Directors and ISA 2014

MANAGING CYBER RISK: A HANDBOOK FOR GERMAN BOARDS prepared by Larry Clinton and Stacey Barrack (2016) ISA and the German Federal Office of Information Security (BSI) (available in German and English) (first edition 2017, second edition in dvelopment)
CYBER RISK HANDBOOK FOR LATIN AMERICAN BOARDS prepared by Larry Clinton and Josh Higgins ISA and the Organization of American States (available in Spanish, Portuguese and English) (2019)

The Cyber Risk Handbook for Pan European Boards of Directors (2020) prepared by Larry Clinton and Josh Higgins ISA with The European Confederation of Directors’ Associations (ecoDa)

Cyber Risk Oversight 2020 prepared by Larry Clinton ISA and NACD 2020 (third edition)

The Cyber Risk Handbook for Japanese Boards (2020) ISA and Japanese Business Federation

The Cyber Risk Handbook for Asian Region (2021) ISA and AIG

The Cyber Risk Handbook for Higher Educational Institutions (2021) ISA and Association of Governing Boards USA

PUBLIC POLICY WHTE PAPERS

THE CYBER SECURITY SOCIAL CONTRACT: POLICY RECOMMENDATIONS FOR THE OBAMA ADMINISTRATION AND 111TH CONGRESS, Internet Security Alliance (2008)

SOCIAL CONTRACT 2.0: A 21ST CENTURY PROGRAM FOR EFFECTIVE CYBER SECURITY, Internet Security Alliance (2009)

"IMPROVING OUR NATIONS SECURITY THROUGH THE PUBLIC PRIVATE PARTNERSHIP," The Internet Security Alliance, in conjunction with the US Chamber of Commerce, TechAmerica, BSA and the Center for Democracy and Technology (2011)

AWARDS
• “Excellence in Collaboration” from On-Line Trust Alliance 2010
• Corporate 100” List of the Most Influential Individuals in Corporate Governance from National Association of Corporate Directors 2015
• Editor’s Choice Award from SC Magazine 2016
• “Corporate 100” List of the Most Influential Individuals in Corporate Governance from National Association of Corporate Directors 2017
• “Leadership Award” from Association of Certified Fraud Examiners 2017
• “Honor Roll” from Cyber Future Foundation 2018
• Board Leadership Fellow Award NACD 2019
• National Cyber Summit (India) Outstanding Contributions to Infrastructure Security 2019

OTHER PROFESSIONAL BACKGROUND

Campaign Manager Jakobsson for Congress (1983/84)
Communications Director then Legislative Director Congressman Terry Bruce (D-Ill-19) 1984-1987. Responsible for Energy and Commerce Committee and Science and Technology Committee
Legislative Director for Congressman Rick Boucher (D-VA-9) 1987-1990 Responsible for Energy and Commerce Committee/Telecommunications and Finance Subcommittee & Science and Technology Committee
Vice President Large /Company Affairs United States Telephone Association (1990-2002)

EDUCATION

Iona College New Rochelle NY BA Communications
University of Maryland, College Park MD MA Political Communications
University of Illinois Champaign Urbana Illinois coursework for PhD in Communication Theory (ABD inactive)

About Us

Events

Media

More from the Forum

Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum