SlideShare a Scribd company logo

White paper-diligent-cybersecurity

J
james morris

This document discusses how boards and senior management must set an example of strong cybersecurity practices from the top. It provides a framework for evaluating board security with three questions: how data is stored, how strong the access controls ("locks") are, and who controls the encryption keys. Storing data in hosted board portals with strong encryption and access controls sets a better security example than using email, public file sharing, or paper documents. Boards must practice what they preach on cybersecurity.

Lifestyle
1 of 4
Download to read offline
At a time when the theft of customer information often leads to executive-level shake-ups, boards are taking a greater role in evaluating the adequacy of their organizations’ cybersecurity. But many boards have yet to apply the same level of scrutiny to their own security. This article provides an evaluation framework for directors and senior management. Focus is on three main factors: where data is stored, the strength of “locks” that provide access, and the control of “keys” for entry. Leadership’s engagement with cybersecurity is not only internally driven. Regulators have also begun to raise expectations. For example, in the United States, the Securities and Exchange Commission has affirmed the importance of including cybersecurity processes and events in a public company’s disclosure of risk factors and material events.1 And while these regulations may not apply to privately held companies and non-profits, they are nonetheless held to strict standards by their owners, business partners and donors. Despite the board’s responsibility for overseeing cybersecurity, they often overlook one critical link in the cybersecurity chain: the board’s own role as custodian of company information. After all, a board routinely handles, stores and internally shares sensitive financial and sales data along with confidential strategic plans, senior executive compensation policies and other privileged information. Unauthorized access to any of this information could have severe consequences. Jeffry Powell Executive Vice President, The Americas Charlie Horrell Managing Director, Europe, Middle East and Africa Al Percival Managing Director, Australia and New Zealand Brian Locke Director of Security Cybersecurity and the Evolving Role of Boards: From Providing Oversight to Setting an Example
The problem is that a board’s position “above” the organization means it is often excluded from the organization’s own processes. As a result, when the chief information officer reviews the enterprise’s cybersecurity needs, he or she may understandably believe that board security is a matter for the corporate secretary or general counsel. The assumption may be that board-level cybersecurity is outside the CIO’s domain. There is also the undeniable fact that all cybersecurity options entail a trade-off between convenience and effectiveness. Because of the senior status of board members and leadership, there is a natural tendency to minimize any inconvenience on their part. As a result, board members often opt to access, store and share information in ways that may be convenient but that are considerably less secure than what is done by the organization as a whole. These include the sending of hard-copy packs of board materials or the emailing of PDFs. Another trade-off is where passwords are required. Instead of mandating secure passwords that contain no recognizable words and that consist of a combination of different character types, simple passwords such as a child’s name may be permitted. While these practices often arise from ad hoc decisions rather than deliberate policy, they are nevertheless resistant to change due to inertia. Given the heightened level of threats in these times, boards and senior management must do more than provide oversight of an organization’s cybersecurity. They must set an example of security best practices from the top. A FRAMEWORK FOR EVALUATING BOARD SECURITY Leaders who want a firm, intuitive grasp of how to judge their board’s cybersecurity practices can easily end up in a tangle of jargon. Fortunately, however, it can be easily straightened out by asking three basic questions: 1. How is the board data stored? 2. How strong are the locks? 3. Who controls the keys? Posing these questions can help with the evaluation of the board’s current solutions for information sharing, communication and collaboration – as well as any it may be considering. How is the board data stored? Any security evaluation should begin with the examination of who controls the data. Not knowing where information is and having an inability to control where it goes mean the solution is highly unsecure. This is why emailing board documents as PDF files is not a secure solution. Files can be accidentally forwarded by directors to others outside the board, or housed in personal email accounts with minimal consumer-level security. The same holds true for public file-sharing systems where files are stored “in the cloud.” What it really means is that your files could be on any server in the file-sharing network; you as a customer have no way of knowing exactly where they are. This nebulousness is why it’s called a “cloud” in the first place. One reason for the popularity of cloud-based storage systems among consumers has been the assumption that such systems are relatively secure. But high-profile cases of hacking, such as revelations of passwords and celebrity photos from cloud providers,2 demonstrate just how flawed that assumption is. Although hosted board portals do seem cloud-like – and are often mistakenly referred to as “cloud-based storage” – there are important differences. For one thing, they carefully control where your data is stored on the hosted system. What’s more, they keep the information of each hosted organization segregated from each other. Knowing where data is located as well as its protective security measures provides greater control and assurance over who has access to the information. Cybersecurity and the Evolving Role of Boards: From Providing Oversight to Setting an Example
And after sensitive documents are no longer needed, the administrator can conduct a “virtual purge,” closing off the documents to anyone trying to access that user account with the stolen password. Beyond the protection of needing the right password to gain access, a board’s administrator can limit access to specific board documents according to criteria such as a committee membership, allowing them to be visible only to members of the audit committee or compensation committee, for instance. The administrator can also control from which specific device a director may access the system. 1 “CF Disclosure Guidance Topic No. 2: Cybersecurity,” U.S. Securities and Exchange Commission Division. 2 Wall Street Journal, “Apple Denies iCloud Breach: Tech Giant Says Celebrity Accounts Compromised by ‘Very Targeted Attack,’” September 2, 2014. http://online.wsj.com/articles/apple-celebrity- accounts-compromised-by-very-targeted-attack-1409683803 How strong are the locks? Keeping close tabs on data’s whereabouts is certainly crucial, but so is ensuring that only authorized users can access it. This is accomplished through encryption, i.e., the enciphering of data into a string of meaningless 0s and 1s. Only those with the correct digital key can decipher it. Of course, paper board packs have no digital key at all; the information can easily be read by everyone who gets their hands on it. And while it may be true that PDFs that are emailed or stored on file- sharing systems can be encrypted and protected by passwords, it puts the onus on whoever is distributing and receiving the material to manage password protocols. Further, documents “protected” in this way still remain vulnerable to “brute force” attacks via readily available software. Higher-quality hosted board portals typically use 256-bit encryption – a key of 256 0s and 1s. Since there are more possible combinations than stars in the universe, it’s safe to say that it would take almost an eternity for even the most determined hackers using the most advanced technology to crack the code. Who controls the keys? No matter how strong an encryption system may be, anyone with the right key can still access the information. For example, anyone who has the password to a password-protected PDF virtually owns the document. Stolen passwords mean stolen documents. However, with a hosted board portal, a password only goes so far. Yes, it allows access to the portal. But because control of the encryption keys protecting the board documents resides within the system, the person logging in will only see what he or she is allowed to see. A strong portal never loses control of the documents. The security implications are significant. If a password is stolen, the administrator can simply deny access for that password. Given the heightened level of threats in these times, boards and leaders must do more than provide oversight of an organization’s cybersecurity. They must set an example of security best practices from the top. THE RIGHT MESSAGE STARTS AT THE TOP While cybersecurity may have a permanent place on the agendas of boards and senior management in more and more organizations, that’s not enough. Security must also be a permanent part of boards’ behavior. Having the right platform to handle board information, communication and collaboration will ensure essential security practices are followed in the boardroom. It also sends the right message, namely: cybersecurity is everyone’s business. Cybersecurity and the Evolving Role of Boards: From Providing Oversight to Setting an Example
Unleashing the value of information. Securely. Diligent is the leader in helping boards and senior executives make better decisions through information sharing and collaboration. Over 3,500 clients and 96,000 directors, executives and administrators in 45 countries rely on Diligent (NZX: DIL) to speed and simplify how board materials are produced, delivered, reviewed and voted on. Serving over one-third of the Fortune 1000, we provide the world’s most widely used board portal via iPad, Windows devices and browsers. Diligent has pioneered ease of use, stringent security, and superior training and support since 2001. For more information or to request a demo, contact us today: Email: info@diligent.com Call: +1 877 434 5443 Visit: www.diligent.com Download from Windows Store Download from Windows Store Diligent is a trademark of Diligent Corporation, registered in the United States. All third-party trademarks are the property of their respective owners. ©2015 Diligent Corporation. All rights reserved.

Recommended

Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving servicesCloudMask inc.
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industryCloudMask inc.
 
Corporate Data: A Protected Asset or a Ticking Time Bomb?
Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb?
Corporate Data: A Protected Asset or a Ticking Time Bomb? Varonis
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCloudMask inc.
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breachCloudMask inc.
 
Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Andris Soroka
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 

Recommended

Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving servicesCloudMask inc.
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industryCloudMask inc.
 
Corporate Data: A Protected Asset or a Ticking Time Bomb?
Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb?
Corporate Data: A Protected Asset or a Ticking Time Bomb? Varonis
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCloudMask inc.
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breachCloudMask inc.
 
Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Varonis - DSS @VILNIUS 2010
Varonis - DSS @VILNIUS 2010Andris Soroka
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security ThreatsDSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security ThreatsAndris Soroka
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
WebShield eP3 Network Overview (02-04-2017)
WebShield eP3 Network Overview (02-04-2017)WebShield eP3 Network Overview (02-04-2017)
WebShield eP3 Network Overview (02-04-2017)rich_webshield
 
Trusted information protection
Trusted information protection Trusted information protection
Trusted information protection Pablo Junco
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the CloudIESL - The Institution of Engineers, Sri Lanka
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldIdentive
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
WeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...David Sweigert
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trustlmgangi
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And KeyYarko Petriw
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
5 things it should be doing (but isn't!)
5 things it should be doing (but isn't!)5 things it should be doing (but isn't!)
5 things it should be doing (but isn't!)Mike Egli
 
Cloud Security Alliance Q2-2012 Atlanta Meeting
Cloud Security Alliance Q2-2012 Atlanta MeetingCloud Security Alliance Q2-2012 Atlanta Meeting
Cloud Security Alliance Q2-2012 Atlanta MeetingTaylor Banks
 
Intro Letter
Intro LetterIntro Letter
Intro LetterVipin Dave
 
Trust, but verify | Testing with Docker Containers
Trust, but verify | Testing with Docker ContainersTrust, but verify | Testing with Docker Containers
Trust, but verify | Testing with Docker ContainersNan Liu
 
Finding Evidence on Dementia
Finding Evidence on DementiaFinding Evidence on Dementia
Finding Evidence on DementiaCareSearch palliative care knowledge network
 

More Related Content

What's hot

DSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security ThreatsDSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security ThreatsAndris Soroka
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
WebShield eP3 Network Overview (02-04-2017)
WebShield eP3 Network Overview (02-04-2017)WebShield eP3 Network Overview (02-04-2017)
WebShield eP3 Network Overview (02-04-2017)rich_webshield
 
Trusted information protection
Trusted information protection Trusted information protection
Trusted information protection Pablo Junco
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldIdentive
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
WeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...David Sweigert
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trustlmgangi
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And KeyYarko Petriw
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
5 things it should be doing (but isn't!)
5 things it should be doing (but isn't!)5 things it should be doing (but isn't!)
5 things it should be doing (but isn't!)Mike Egli
 
Cloud Security Alliance Q2-2012 Atlanta Meeting
Cloud Security Alliance Q2-2012 Atlanta MeetingCloud Security Alliance Q2-2012 Atlanta Meeting
Cloud Security Alliance Q2-2012 Atlanta MeetingTaylor Banks
 

What's hot (19)

DSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security ThreatsDSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
DSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
 
WebShield eP3 Network Overview (02-04-2017)
WebShield eP3 Network Overview (02-04-2017)WebShield eP3 Network Overview (02-04-2017)
WebShield eP3 Network Overview (02-04-2017)
 
Trusted information protection
Trusted information protection Trusted information protection
Trusted information protection
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
 
Big data security
Big data securityBig data security
Big data security
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
 
WeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance framework
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And Key
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
 
5 things it should be doing (but isn't!)
5 things it should be doing (but isn't!)5 things it should be doing (but isn't!)
5 things it should be doing (but isn't!)
 
Cloud Security Alliance Q2-2012 Atlanta Meeting
Cloud Security Alliance Q2-2012 Atlanta MeetingCloud Security Alliance Q2-2012 Atlanta Meeting
Cloud Security Alliance Q2-2012 Atlanta Meeting
 

Viewers also liked

Trust, but verify | Testing with Docker Containers
Trust, but verify | Testing with Docker ContainersTrust, but verify | Testing with Docker Containers
Trust, but verify | Testing with Docker ContainersNan Liu
 
Fifty Fifty Executive Summary
Fifty Fifty Executive SummaryFifty Fifty Executive Summary
Fifty Fifty Executive SummaryEsteban Tapia
 
Hotr0608 ficha
Hotr0608 fichaHotr0608 ficha
Hotr0608 fichaperla1610
 
Athlegacy-Reference
Athlegacy-ReferenceAthlegacy-Reference
Athlegacy-ReferenceabarkerFKQ
 
Valtech agile transformation services - innovation games (aln conference)
Valtech agile transformation services - innovation games (aln conference)Valtech agile transformation services - innovation games (aln conference)
Valtech agile transformation services - innovation games (aln conference)Prasad Prabhakaran
 

Viewers also liked (11)

Intro Letter
Intro LetterIntro Letter
Intro Letter
 
Trust, but verify | Testing with Docker Containers
Trust, but verify | Testing with Docker ContainersTrust, but verify | Testing with Docker Containers
Trust, but verify | Testing with Docker Containers
 
Finding Evidence on Dementia
Finding Evidence on DementiaFinding Evidence on Dementia
Finding Evidence on Dementia
 
Novedge - App Idea
Novedge - App IdeaNovedge - App Idea
Novedge - App Idea
 
Fifty Fifty Executive Summary
Fifty Fifty Executive SummaryFifty Fifty Executive Summary
Fifty Fifty Executive Summary
 
Hotr0608 ficha
Hotr0608 fichaHotr0608 ficha
Hotr0608 ficha
 
Athlegacy-Reference
Athlegacy-ReferenceAthlegacy-Reference
Athlegacy-Reference
 
1. resumen
1. resumen1. resumen
1. resumen
 
Be ece
Be eceBe ece
Be ece
 
Valtech agile transformation services - innovation games (aln conference)
Valtech agile transformation services - innovation games (aln conference)Valtech agile transformation services - innovation games (aln conference)
Valtech agile transformation services - innovation games (aln conference)
 
Ministerio Venezuela
Ministerio VenezuelaMinisterio Venezuela
Ministerio Venezuela
 

Similar to White paper-diligent-cybersecurity

Data security to protect pci data flow ulf mattsson - insecure-mag-40
Data security to protect pci data flow ulf mattsson - insecure-mag-40Data security to protect pci data flow ulf mattsson - insecure-mag-40
Data security to protect pci data flow ulf mattsson - insecure-mag-40Ulf Mattsson
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code ProtectionPerforce
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.jayceewong1
 
Balancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With SecurityBalancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With SecuritySymantec
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docxlorainedeserre
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docxjesusamckone
 
1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional 1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional TatianaMajor22
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
eBook: Level Up Your Data Security with Tokenization
eBook: Level Up Your Data Security with TokenizationeBook: Level Up Your Data Security with Tokenization
eBook: Level Up Your Data Security with TokenizationKim Cook
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docxaryan532920
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelKoen Maris
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 

Similar to White paper-diligent-cybersecurity (20)

Data security to protect pci data flow ulf mattsson - insecure-mag-40
Data security to protect pci data flow ulf mattsson - insecure-mag-40Data security to protect pci data flow ulf mattsson - insecure-mag-40
Data security to protect pci data flow ulf mattsson - insecure-mag-40
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
[EMC] Source Code Protection
[EMC] Source Code Protection[EMC] Source Code Protection
[EMC] Source Code Protection
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.
 
Balancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With SecurityBalancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With Security
 
Big data security
Big data securityBig data security
Big data security
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder Target
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
 
27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx27featurearticle© 2015 Wiley P.docx
27featurearticle© 2015 Wiley P.docx
 
1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional 1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
eBook: Level Up Your Data Security with Tokenization
eBook: Level Up Your Data Security with TokenizationeBook: Level Up Your Data Security with Tokenization
eBook: Level Up Your Data Security with Tokenization
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive Level
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of Directors
 

Recently uploaded

Call Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in DelhiCall Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in DelhiRaviSingh594208
 
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhidelhimodel235
 
ETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptxETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptxRafaelBatulan
 
Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012
Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012
Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012Mona Rathore
 
My Personal Testimony - James Eugene Barbush - March 11, 2024
My Personal Testimony - James Eugene Barbush - March 11, 2024My Personal Testimony - James Eugene Barbush - March 11, 2024
My Personal Testimony - James Eugene Barbush - March 11, 2024JAMES EUGENE BARBUSH
 
Moscow City People project Roman Kurganov
Moscow City People project Roman KurganovMoscow City People project Roman Kurganov
Moscow City People project Roman KurganovRomanKurganov
 
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -Pooja Nehwal
 
Independent Call Girls Delhi ~9711199012~ Call Me
Independent Call Girls Delhi ~9711199012~ Call MeIndependent Call Girls Delhi ~9711199012~ Call Me
Independent Call Girls Delhi ~9711199012~ Call MeMs Riya
 
Panipat Call Girls in Five Star Services Call 08860008073
Panipat Call Girls in Five Star Services Call 08860008073 Panipat Call Girls in Five Star Services Call 08860008073
Panipat Call Girls in Five Star Services Call 08860008073 Apsara Of India
 
Neelam 9058824046 Call Girls Service in Haridwar
Neelam 9058824046 Call Girls Service in HaridwarNeelam 9058824046 Call Girls Service in Haridwar
Neelam 9058824046 Call Girls Service in Haridwarjaanseema653
 
‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'cakepearls Official
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | Delhisoniya singh
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | Delhisoniya singh
 
Riya 9058824046 Call Girls Service in Rishikesh
Riya 9058824046 Call Girls Service in RishikeshRiya 9058824046 Call Girls Service in Rishikesh
Riya 9058824046 Call Girls Service in Rishikeshjaanseema653
 
KALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdfKALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdfSallamSulaiman
 
Dubai Call Girls O528786472 Call Girls Dubai OL
Dubai Call Girls O528786472 Call Girls Dubai OLDubai Call Girls O528786472 Call Girls Dubai OL
Dubai Call Girls O528786472 Call Girls Dubai OLhf8803863
 

Recently uploaded (20)

Call Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in DelhiCall Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
 
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
 
ETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptxETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptx
 
Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012
Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012
Russian BINDASH Call Girls In Mahipalpur Delhi ☎️9711199012
 
My Personal Testimony - James Eugene Barbush - March 11, 2024
My Personal Testimony - James Eugene Barbush - March 11, 2024My Personal Testimony - James Eugene Barbush - March 11, 2024
My Personal Testimony - James Eugene Barbush - March 11, 2024
 
Moscow City People project Roman Kurganov
Moscow City People project Roman KurganovMoscow City People project Roman Kurganov
Moscow City People project Roman Kurganov
 
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
 
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
 
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
 
Independent Call Girls Delhi ~9711199012~ Call Me
Independent Call Girls Delhi ~9711199012~ Call MeIndependent Call Girls Delhi ~9711199012~ Call Me
Independent Call Girls Delhi ~9711199012~ Call Me
 
Panipat Call Girls in Five Star Services Call 08860008073
Panipat Call Girls in Five Star Services Call 08860008073 Panipat Call Girls in Five Star Services Call 08860008073
Panipat Call Girls in Five Star Services Call 08860008073
 
Neelam 9058824046 Call Girls Service in Haridwar
Neelam 9058824046 Call Girls Service in HaridwarNeelam 9058824046 Call Girls Service in Haridwar
Neelam 9058824046 Call Girls Service in Haridwar
 
‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Bhikaji Cama Palace | Delhi
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Jama Masjid | Delhi
 
Riya 9058824046 Call Girls Service in Rishikesh
Riya 9058824046 Call Girls Service in RishikeshRiya 9058824046 Call Girls Service in Rishikesh
Riya 9058824046 Call Girls Service in Rishikesh
 
Hauz Khas Call Girls Delhi ✌️Independent Escort Service 💕 Hot Model's 9999965857
Hauz Khas Call Girls Delhi ✌️Independent Escort Service 💕 Hot Model's 9999965857Hauz Khas Call Girls Delhi ✌️Independent Escort Service 💕 Hot Model's 9999965857
Hauz Khas Call Girls Delhi ✌️Independent Escort Service 💕 Hot Model's 9999965857
 
Gurgaon Call Girls 9953525677 Call Girls Low Rate.pdf
Gurgaon Call Girls 9953525677 Call Girls Low Rate.pdfGurgaon Call Girls 9953525677 Call Girls Low Rate.pdf
Gurgaon Call Girls 9953525677 Call Girls Low Rate.pdf
 
KALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdfKALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdf
 
Dubai Call Girls O528786472 Call Girls Dubai OL
Dubai Call Girls O528786472 Call Girls Dubai OLDubai Call Girls O528786472 Call Girls Dubai OL
Dubai Call Girls O528786472 Call Girls Dubai OL
 

White paper-diligent-cybersecurity

  • 1. At a time when the theft of customer information often leads to executive-level shake-ups, boards are taking a greater role in evaluating the adequacy of their organizations’ cybersecurity. But many boards have yet to apply the same level of scrutiny to their own security. This article provides an evaluation framework for directors and senior management. Focus is on three main factors: where data is stored, the strength of “locks” that provide access, and the control of “keys” for entry. Leadership’s engagement with cybersecurity is not only internally driven. Regulators have also begun to raise expectations. For example, in the United States, the Securities and Exchange Commission has affirmed the importance of including cybersecurity processes and events in a public company’s disclosure of risk factors and material events.1 And while these regulations may not apply to privately held companies and non-profits, they are nonetheless held to strict standards by their owners, business partners and donors. Despite the board’s responsibility for overseeing cybersecurity, they often overlook one critical link in the cybersecurity chain: the board’s own role as custodian of company information. After all, a board routinely handles, stores and internally shares sensitive financial and sales data along with confidential strategic plans, senior executive compensation policies and other privileged information. Unauthorized access to any of this information could have severe consequences. Jeffry Powell Executive Vice President, The Americas Charlie Horrell Managing Director, Europe, Middle East and Africa Al Percival Managing Director, Australia and New Zealand Brian Locke Director of Security Cybersecurity and the Evolving Role of Boards: From Providing Oversight to Setting an Example
  • 2. The problem is that a board’s position “above” the organization means it is often excluded from the organization’s own processes. As a result, when the chief information officer reviews the enterprise’s cybersecurity needs, he or she may understandably believe that board security is a matter for the corporate secretary or general counsel. The assumption may be that board-level cybersecurity is outside the CIO’s domain. There is also the undeniable fact that all cybersecurity options entail a trade-off between convenience and effectiveness. Because of the senior status of board members and leadership, there is a natural tendency to minimize any inconvenience on their part. As a result, board members often opt to access, store and share information in ways that may be convenient but that are considerably less secure than what is done by the organization as a whole. These include the sending of hard-copy packs of board materials or the emailing of PDFs. Another trade-off is where passwords are required. Instead of mandating secure passwords that contain no recognizable words and that consist of a combination of different character types, simple passwords such as a child’s name may be permitted. While these practices often arise from ad hoc decisions rather than deliberate policy, they are nevertheless resistant to change due to inertia. Given the heightened level of threats in these times, boards and senior management must do more than provide oversight of an organization’s cybersecurity. They must set an example of security best practices from the top. A FRAMEWORK FOR EVALUATING BOARD SECURITY Leaders who want a firm, intuitive grasp of how to judge their board’s cybersecurity practices can easily end up in a tangle of jargon. Fortunately, however, it can be easily straightened out by asking three basic questions: 1. How is the board data stored? 2. How strong are the locks? 3. Who controls the keys? Posing these questions can help with the evaluation of the board’s current solutions for information sharing, communication and collaboration – as well as any it may be considering. How is the board data stored? Any security evaluation should begin with the examination of who controls the data. Not knowing where information is and having an inability to control where it goes mean the solution is highly unsecure. This is why emailing board documents as PDF files is not a secure solution. Files can be accidentally forwarded by directors to others outside the board, or housed in personal email accounts with minimal consumer-level security. The same holds true for public file-sharing systems where files are stored “in the cloud.” What it really means is that your files could be on any server in the file-sharing network; you as a customer have no way of knowing exactly where they are. This nebulousness is why it’s called a “cloud” in the first place. One reason for the popularity of cloud-based storage systems among consumers has been the assumption that such systems are relatively secure. But high-profile cases of hacking, such as revelations of passwords and celebrity photos from cloud providers,2 demonstrate just how flawed that assumption is. Although hosted board portals do seem cloud-like – and are often mistakenly referred to as “cloud-based storage” – there are important differences. For one thing, they carefully control where your data is stored on the hosted system. What’s more, they keep the information of each hosted organization segregated from each other. Knowing where data is located as well as its protective security measures provides greater control and assurance over who has access to the information. Cybersecurity and the Evolving Role of Boards: From Providing Oversight to Setting an Example
  • 3. And after sensitive documents are no longer needed, the administrator can conduct a “virtual purge,” closing off the documents to anyone trying to access that user account with the stolen password. Beyond the protection of needing the right password to gain access, a board’s administrator can limit access to specific board documents according to criteria such as a committee membership, allowing them to be visible only to members of the audit committee or compensation committee, for instance. The administrator can also control from which specific device a director may access the system. 1 “CF Disclosure Guidance Topic No. 2: Cybersecurity,” U.S. Securities and Exchange Commission Division. 2 Wall Street Journal, “Apple Denies iCloud Breach: Tech Giant Says Celebrity Accounts Compromised by ‘Very Targeted Attack,’” September 2, 2014. http://online.wsj.com/articles/apple-celebrity- accounts-compromised-by-very-targeted-attack-1409683803 How strong are the locks? Keeping close tabs on data’s whereabouts is certainly crucial, but so is ensuring that only authorized users can access it. This is accomplished through encryption, i.e., the enciphering of data into a string of meaningless 0s and 1s. Only those with the correct digital key can decipher it. Of course, paper board packs have no digital key at all; the information can easily be read by everyone who gets their hands on it. And while it may be true that PDFs that are emailed or stored on file- sharing systems can be encrypted and protected by passwords, it puts the onus on whoever is distributing and receiving the material to manage password protocols. Further, documents “protected” in this way still remain vulnerable to “brute force” attacks via readily available software. Higher-quality hosted board portals typically use 256-bit encryption – a key of 256 0s and 1s. Since there are more possible combinations than stars in the universe, it’s safe to say that it would take almost an eternity for even the most determined hackers using the most advanced technology to crack the code. Who controls the keys? No matter how strong an encryption system may be, anyone with the right key can still access the information. For example, anyone who has the password to a password-protected PDF virtually owns the document. Stolen passwords mean stolen documents. However, with a hosted board portal, a password only goes so far. Yes, it allows access to the portal. But because control of the encryption keys protecting the board documents resides within the system, the person logging in will only see what he or she is allowed to see. A strong portal never loses control of the documents. The security implications are significant. If a password is stolen, the administrator can simply deny access for that password. Given the heightened level of threats in these times, boards and leaders must do more than provide oversight of an organization’s cybersecurity. They must set an example of security best practices from the top. THE RIGHT MESSAGE STARTS AT THE TOP While cybersecurity may have a permanent place on the agendas of boards and senior management in more and more organizations, that’s not enough. Security must also be a permanent part of boards’ behavior. Having the right platform to handle board information, communication and collaboration will ensure essential security practices are followed in the boardroom. It also sends the right message, namely: cybersecurity is everyone’s business. Cybersecurity and the Evolving Role of Boards: From Providing Oversight to Setting an Example
  • 4. Unleashing the value of information. Securely. Diligent is the leader in helping boards and senior executives make better decisions through information sharing and collaboration. Over 3,500 clients and 96,000 directors, executives and administrators in 45 countries rely on Diligent (NZX: DIL) to speed and simplify how board materials are produced, delivered, reviewed and voted on. Serving over one-third of the Fortune 1000, we provide the world’s most widely used board portal via iPad, Windows devices and browsers. Diligent has pioneered ease of use, stringent security, and superior training and support since 2001. For more information or to request a demo, contact us today: Email: info@diligent.com Call: +1 877 434 5443 Visit: www.diligent.com Download from Windows Store Download from Windows Store Diligent is a trademark of Diligent Corporation, registered in the United States. All third-party trademarks are the property of their respective owners. ©2015 Diligent Corporation. All rights reserved.