In short, cybersecurity needs to be understood and treated as a core business issue, much like legal and finance. No organization would make a significant business decision without consulting business and finance. In the 21st century very few business decisions ought to be made without considering their cybersecurity aspects.
There are many additional steps an organization needs to take to comprehensively address cyber risk which will be described in succeeding chapters.
Taking the right steps entails reconsidering corporate structure (as discussed in Chapter 3) and using modern cyber risk assessment tools that go beyond the traditional frameworks and checklists (as discussed in Chapter 4), as well as engaging personnel from across the enterprise in addressing a series of specific cyber issues (as discussed in Chapter 6).
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS and G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.