Article posted: Oct 23, 2015
There was a time when 28 percent of organizations made no presentations about security to their corporate boards, and nearly one in three corporate boards had no involvement in cybersecurity threats. That time was this year! For the complete story, check out our article in Security Magazine. It's the second part of our series focused on board members and security. Part one, viewable here, talks about what board members should know about security. And this latest article examines the board's role in securing the enterprise.
In a nutshell, here's what you'll learn about in greater detail when you read the Security Magazine piece:
- IT managers and CIOs have to be candid about security in their organizations - making it clear that it is likely impossible to stop every security threat.
- Discuss and brainstorm risks and benefits by conducting a cybersecurity assessment and reviewing the results with the board of directors.
- Understand the legal, statutory, regulatory, and contractual requirements that an organization, its trading partners, contractors, and service providers have to satisfy, as well as their socio-cultural environment (particularly for multi-national organizations). Companies in non-compliance can face heavy fines.
- Know what the results of cybercrime might be - including serious damage to the company's reputation.
- Put safeguards in place, which includes knowing what to do and say if a security breach takes place. It also means doing everything possible, including implementing strong two-factor authentication, to thwart risks from insider threats. Implement a set of metrics so the board can stay regularly informed about the company's state of security.
Cybersecurity risks are continuously evolving. Companies must continuously monitor for exposure to risks, regularly assess the company's preparedness, and make any necessary adjustments to mitigate risks.