ICT Supply Chain Risk Management Task Force: Conrad, Inc. represents the IT-ISAC on the Executive Committee of the ICT Supply Chain Risk Management Task Force. Established by DHS in November 2018, the ICT Supply Chain Risk Management Task Force is tasked with providing advice and recommendations to the U.S. Department of Homeland Security (DHS) and private sector owners and operators of ICT critical infrastructure on means for assessing and managing risks associated with the ICT supply chain.
IT Sector Coordinating Council: Our President and CEO represents the IT-ISAC on the Executive Committee of, and serves as Treasurer for, the Information Technology Sector Coordinating Council. The IT Sector Coordinating Council provides sector-wide, consensus based recommendations to DHS and other government partners on policy issues impacting the IT Sector. We helped to establish the IT Sector Coordinating Council and remain the longest serving member of its Executive Committee.
Information Sharing Hall of Fame: In September 2018, the IT-ISAC was inducted into the ISAO Standards Organization’s Information Sharing Hall of Fame. This award was given to the IT-ISAC for the totality of its contributions to information sharing since its founding in 2000. The IT-ISAC has been a client of Conrad, Inc. since 2006.
Coordinated Vulnerability Disclosure: Conrad, Inc. manages the Industry Consortium for Advancement of Security of the Internet (ICASI), the industry’s leading forum for identifying and resolving multiparty vulnerabilities. Through this, we managed the global disclosure of the WPA KRACK Attack vulnerabilities. Conrad, Inc. also provides program management support to the FIRST Vulnerability Coordination Special Interest Group.
Information Sharing and Analysis: Conrad, Inc. provides daily and strategic management to the Information Technology – Information Sharing and Analysis Center (IT-ISAC). IT-ISAC members include C-Suite technology and security leadership from the world’s largest technology companies, actively collaborating to protect their enterprises and our collective global information infrastructure. Conrad, Inc. has grown the IT-ISAC from a small community of U.S. based security vendors to a global forum of dozens of technology companies.
National Level Critical Functions: In 2008 – 2009 we led an industry-government effort to identify and assess risks to IT-Sector “critical functions.” This “functions based” approach to risk management was a first of its kind approach that emphasized the importance of the key functions or capabilities that the IT sector provides and manages, as opposed to a physical asset approach to security. In July 2018, DHS Secretary Kiersten Nielsen announced that DHS would adopt a functions based approach to develop a national risk assessment. Our team continues to serve in a leadership position as the IT Sector continues to refine and update its work to identify and manage threats to these critical functions.
Effective Practices Development: The Conrad, Inc. team is active in developing and promoting voluntary, industry driven effective practices. Our work includes participation in the ISAO Standards Organizations working groups, development of the NIST Cybersecurity Framework, as well as program managing the development of the FIRST PSIRT and CSIRT Frameworks.