NACD, AIG, ISA and DHS Announce New Effort to Enhance Corporate Boards' Cybersecurity Oversight

WASHINGTON, July 29, 2014 (GLOBE NEWSWIRE) -- Today, the National Association of Corporate Directors (NACD), American International Group (AIG), the Internet Security Alliance (ISA) and the Department of Homeland Security (DHS)announced at the National Press Club the availability of the NACD Directors' Handbook on Cyber-Risk Oversight on the US-CERT website.

DHS' Critical Infrastructure Cyber Community (C3) Voluntary Program helps align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the National Institute of Standards and Technology (NIST) Cybersecurity Framework and manage cyber risks. The NACD handbook, developed with ISA and AIG, advises directors to set the expectation that their management teams have considered the NIST Framework in developing cyber-risk defense and response plans.

The handbook focuses on cybersecurity oversight at the board level, and is organized around five key principles that cover a wide spectrum of board-level considerations related to oversight of cybersecurity. Cyber-Risk Oversight is the first private sector resource to be featured on the C3 Voluntary Program's Getting Started for Business website and is available for public download on the NACD website.

Ken Daly, president and CEO, NACD; Mark Camillo, head of cyber products for the Americas Region, AIG; Larry Clinton, president and CEO, ISA; and Dr. Andy Ozment, Assistant Secretary for Cybersecurity and Communications, DHS discussed the handbook's recommendations at the event.

"We applaud NACD's commitment to strengthening our Nation's cybersecurity posture beyond just their members," said Dr. Ozment. "It demonstrates that the NIST Framework is being embraced across industry sectors through a far-reaching organization like NACD, and at the most senior levels of the corporate Enterprise Risk Management community - corporate boards of directors. These most senior business leaders steer our nation's economy."

Cyber-Risk Oversight embraces the voluntary industry-government partnership approach that is critical to enhancing the nation's cyber security. Through its programs DHS has emphasized the importance of cyber literacy at the board level. The handbook is designed to provide corporate directors with expert guidelines to improve their cybersecurity oversight.

"Ninety percent of directors participating in our latest governance survey indicated they would like to improve their understanding of cybersecurity risk," said Ken Daly, NACD president and CEO. "This handbook provides boards with practical tools to do just that, including self-assessment questions for directors, sample board report dashboards, and guidelines for conversations with management."

"The complexity of cyber threats has grown dramatically over the past decade. As the intricacy of attacks increases, so does the risk they pose to corporations," said Mark Camillo, head of cyber products for the Americas Region for AIG. "Conscientious and comprehensive oversight of cyber risk at the board level is essential."

Boards should adapt the recommendations set forth in the handbook based on their company's unique characteristics, including size, life-cycle stage, business strategy, industry sector, geographic footprint and culture.

"Recent breaches in both the public and private sectors have put the issue of cybersecurity on every board's agenda," said Larry Clinton, president and CEO of ISA. "This handbook is a natural extension of ISA's mission to create private sector standards and practices that integrate both the technological and economic aspects of cybersecurity, and provides a useful complement to the NIST framework by placing it in an enterprise wide risk management context."

Access the Cyber-Risk Oversight handbook at

About DHS

The DHS National Programs and Protection Directorate (NPPD) is responsible for safeguarding our Nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. DHS actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.

About NACD

The National Association of Corporate Directors (NACD) is the recognized authority focused on advancing exemplary board leadership and establishing leading boardroom practices. Informed by more than 35 years of experience, NACD delivers insights and resources that more than 14,000 corporate director members rely upon to make sound strategic decisions and confidently confront complex business challenges. NACD provides world-class director education programs, national peer-exchange forums, and proprietary research to promote director professionalism, ultimately enhancing the economic sustainability of the enterprise and bolstering stakeholder confidence. Fostering collaboration among directors, investors, and governance stakeholders, NACD is shaping the future of board leadership. To learn more about NACD, visit To become an NACD member, contact Kelly Dodd at or 202-380-1891.

About AIG

American International Group Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange. Additional information about AIG can be found at | YouTube: | Twitter: @AIG_LatestNews | LinkedIn:

About ISA

The Internet Security Alliance (ISA) is a multi-sector trade association that sees cybersecurity not as an IT issue, but as an enterprise-wide risk management issue. ISA's mission is to combine technology with economics and public policy to create a sustainable system of cybersecurity. ISA is focused on three main goals, thought leadership, public advocacy, and creating standards and practices that effectively promote cybersecurity. In 2008, ISA published its cybersecurity social contract which argued that traditional government regulation would be ineffective and counter-productive against the growing cyber threat. Instead, ISA proposed that government work with industry to identify effective standards and practices and motivate voluntary adoption of these standards and practices by deploying market incentives. In 2011, the ISA "social contract" was embraced by the House GOP task force on cybersecurity and in 2013 the ISA approach was adopted in President Obama's executive order on cybersecurity.

CONTACT: Media Contacts: Bob Davis, Communications Director, DHS, NPPD 703-235-1917 Henry Stoever, Chief Marketing Officer, NACD 202-775-0509 Matt Gallagher, AIG Media Relations 212-458-3247 Larry Clinton, President and CEO, ISA 703-907-7028 lclinton@isalliance.orgSource:National Association of Corporate Directors