Five Principles for Stronger Board Oversight of Cybersecurity
Robyn Bew, Director of Strategic Content Development for the National Association of Corporate Directors (NACD), writes on BRINK News (Feb. 17) that NACD and the Internet Security Alliance recently released an updated edition of the Director's Handbook on Cyber-Risk Oversight to help directors make headway on cybersecurity oversight. "It is built around five core principles that apply to boards of organizations in all sizes and sectors," Bew states. One, directors must approach cybersecurity as an enterprise-wide risk management issue. Two, directors should understand the legal implications of cyber risks as they relate to their company's specific circumstances. Three, boards are urged to have adequate access to cybersecurity expertise. Four, Bew writes, "directors should set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget." Finally, all board-management discussion of cyber risks should include identification of which risks to avoid, which to accept, and which to mitigate via insurance.
Abstract News © 2017 INFORMATION, INC.