Home / News

IT Security Guide: “Financial Impact of Cyber Risk” Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack.

In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses—which can come from internal networks, the Internet or other private or public systems—to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation’s top four priority security issues.

“We are experiencing a financial meltdown due to a fundamental misunderstanding and mismanagement of modern financial systems, which is generating a crisis of confidence in our core institutions. Today, all our critical infrastructures are reliant on cyber systems that are also misunderstood and mismanaged. These vulnerabilities place both our financial and physical security in jeopardy unless we update the method we use to control our cyber systems,” said Larry Clinton, president of the ISA.

“The guide is revolutionary in its approach and extremely practical in its application. It will assist organizations in taking the necessary multi-dimensional approach to managing their cyber infrastructure by shifting the locus of control to the Chief Financial Officer,” Clinton explained.

Developed by a cross-sector task force representing more than 30 private and public sector organizations, The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask is the first known publication to approach the financial impact of cyber risks from the perspective of core business functions.

The document provides guidance to CFOs and their colleagues responsible for legal issues, business operations and technology, privacy and compliance, risk assessment and insurance, and corporate communications. It is organized in a question-based format, which makes it applicable to virtually any industry and any set of business circumstances.

The Financial Impact of Cyber Risk was unveiled this morning during a press conference at the National Press Club in Washington, DC. Two thousand copies of the publication are now en route to executives at leading companies across the nation.

“We urge all the owners and operators of our nation’s cyber systems to join with us in our joint effort to upgrade our nation’s security,” Clinton said.

In addition to the 50 strategic questions provided in the document, the action guide offers sample charts to aid in calculating the probability and severity of financial loss from both risk events and the actions taken to mitigate them. The guide also includes a list of standards and reference documents to help businesses develop comprehensive risk management frameworks.

“By bringing together a diverse group of cyber security experts, ANSI and the ISA have identified the potential gaps in the process of analyzing cyber risk,” said Fran Schrotter, senior vice president and chief operating officer at ANSI. “We have given C-Suite executives a tool that will assist them in developing and implementing a cyber risk management plan for their organization.”

To download a free copy of the document, visit http://webstore.ansi.org/cybersecurity.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix