ISA’s Clinton: ‘Huge mistake’ to expand use of ‘backward-looking,’ ineffective cyber reg model

Cyber regulation has generally created a “backward-looking” compliance approach to cybersecurity that is antithetical to actually improving security, according to the Internet Security Alliance’s Larry Clinton, who says effective risk-management alternatives are available.

“To begin with, traditional compliance is essentially a backward-looking pass-fail issue,” Clinton wrote in a Thursday blog post. “Cybersecurity, on the other hand, is a forward-looking risk management issue. In a compliance model you typically have to check off boxes indicating what you have done. You...