0 Results Found
            Back To Results
              Reports

              Board Oversight of Cybersecurity Risk: A Framework for Inquiry

              A tool for improving cybersecurity risk reporting and board-management discussions

              According to the National Association of Corporate Directors, 31% of board members surveyed are dissatisfied with the quality of cybersecurity information provided by management.1

              Boards of directors are seeking to engage with the cybersecurity strategy and monitor the risks more closely, but they face significant challenges. Recent court rulings provide some guidance, but there is no definitive standard for what constitutes "reasonable board oversight" of cybersecurity risk. Likewise, chief information security officers (CISOs) often struggle to determine what information is most useful to present to the board. When the two parties do meet, emerging issues like ransomware and Cloud security often steal the show, while the real rigor – a business-wide risk management program for cybersecurity – remains unaddressed. Both CISOs and board members alike can benefit from a dashboard of replicable metrics that help the board monitor risk and measure progress over time relative to corporate strategy and tolerance.

              This white paper is a tool for improving the board-management dialog on cybersecurity risk management. It contains a Framework for Inquiry, a non-prescriptive exercise that can help boards and management work together to craft a common operational picture for reviewing risk levels, measuring effectiveness, and prioritizing investment over time.

              *Source: NACD 2015-16 Public Company Governance Survey1

              Like what you're reading ?
              Get instant access by completing the form below

              Select Role:

              • Board of Directors
              • CEO / CFO / COO
              • CISO / CSO
              • CIO / CTO
              • IT / IS / Security VP/Director
              • IT / IS / Security Manager
              • IT / IS / Security Staff
              • IT / IS / Non-Security
              • Risk / Legal / Compliance / Finance
              • Sales / Marketing
              • Press / Industry Analyst
              • Student

              Select Country:

              • Select an item

              Select State:

              • Select an item

              Select Annual Revenue:

              • ≥ $500M
              • $100-$499M
              • ≤ $100M

              Select Industry:

              • Banking
              • Business Services
              • Credit Union
              • Education
              • Finance
              • Government
              • Health Care (Non-Hospital)
              • Heavy Industry
              • Hospitality
              • Hospitals
              • Insurance
              • Legal
              • Manufacturing
              • Media
              • Membership Organizations
              • Retail
              • Technology
              • Telecom
              • Transportation
              • Utilities
              • Other

              Current Security Environment?:

              • Managing In-House
              • Managing Externally (3rd Party)
              • Blended Model (In-house and 3rd Party)
              • Not sure

              Select Next Security Initiative Timeframe:

              • 0-3 months
              • 3-6 months
              • 6-12 months
              • 12-24 months

              Select Our Greatest Security Challenge:

              • Securing The Cloud
              • Assessing security posture
              • Optimizing Security Operations
              • Protecting critical assets
              • Meeting & maintaining compliance
              • Preventing a data breach
              • Access to actionable security intelligence
              • Access to security expertise
              • Preparing & responding to an incident

              Interested in learning more

              Currently Looking for Assistance With (Select all that Apply)

              Select Best time to call:

              • Early morning (8-10am EST)
              • Late morning (10am-12pm EST)
              • Early afternoon (12-3pm EST)
              • Late afternoon (3-5pm EST)

              SecureWorks News :

              Related Content