The cyber security job is everyone's business, including the Board of Directors, even without a cyber security degree. Recent cyber security news proves that. According to several studies, Boards are getting it wrong and are leaving cyber awareness and risk management in the hands of the CEO, CISO, CTOs and cyber security companies. In a sense they are abdicating their responsibility to the shareholders. This slideshare proposes 7 questions every board should be asking their company executives about IT security. They are not necessarily all-encompassing and do not take the place of real cybersecurity training, but they will drive the discussion toward a better and more complete understanding of strategic risk. The questions cover the basics of cyber security training, cyber policies, and who briefs the Board and when at board meetings. Thanks.
2. Risk oversight is a function of the full Board…yet (NACD Director's Handbook Series, 2014 Edition)
3. Did you know 50% of Boards see cyber security as an I.T. issue? (PwC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey)
4. That means 50% are doing it wrong.
5. Full Board involved in cyber risks = 25%. Good.
6. No Board involvement in cyber risks = 30%. Bad.
7. 26% of Boards say the CISO or CSO makes a presentation to the Board once a year. Ugly.
8. 28% say their security leaders make no presentations at all. Uglier.
9. What about 3rd party vendors?
10. 23% do not evaluate 3rd parties - that number is probably much higher.
13. Only 50% of employees receive initial cyber training.
31. 7 cyber security questions for boards
1. How are key business processes affected by different types of cyber attacks?
2. Is our physical security congruent with our cyber security?
3. Who are our third-party vendors?
4. Who is responsible for cyber security training?
5. Have officers and directors received cyber security training?
6. How do we vet our administrators?
7. Who does the CISO report to?
www.paulmcgillicuddy.com