INTERNET SECURITY ALLIANCE

CYBERSECURITY FOR BUSINESS

Chapter 1 – Cybersecurity is (Not) an IT Issue

Chapter 2 – Effective Cybersecurity Principles for Boards of Directors

Chapter 3 – Structuring for the Digital Age

Chapter 4 – A Modern Approach to Assessing Cyber Risk

Chapter 5 – The Role of HR Functions in Scaling Cybersecurity and Building Trust

Chapter 6 – Cybersecurity and the Office of the General Counsel

Chapter 7 – Cybersecurity Audit and Compliance Considerations

Chapter 8 – Cyber Supply Chain and Third-Party Risk Management

Chapter 9 – Technical Operations

Chapter 10 – Crisis Management

Chapter 11 – Cybersecurity Considerations During M&A Phases

Chapter 12 – Developing Relationships with the Cybersecurity Team

Chapter 2 - Effective Cybersecurity Principles for Boards of Directors

summary

Cybersecurity is now a serious, enterprise-level risk and strategy challenge. Boards need to continuously assess their effectiveness to address cybersecurity, both in terms of their own fiduciary responsibility as well as their oversight of management’s activities. While the approaches taken by individual boards will vary, the principles in the ISA-NACD Cyber-Risk Handbook, and the several versions adapted for various countries and regions now available around the globe, have been shown to offer a helpful blueprint and timely guidance.


Ultimately, the board’s role is to bring its judgment to bear and provide effective guidance to management, in order to ensure the cybersecurity program is appropriately designed and sufficiently resilient given their company’s strategic imperatives and the realities of the business ecosystem in which it operates.

Play
Play
Play
Play
Previous
Next
Key Ideas
  • It is the board of directors’ responsibility to collaborate with the executive team to create a culture of security and effective oversight of executive’s cyber risk management.

  • Cybersecurity is not an IT-centric appendage issue, but rather needs to be woven into the full breadth of business decisions on an enterprise-wide basis.

  • There are a core set of board-level cyber risk principles that constitute a de-facto international standard of appropriate cyber risk oversight.

  • Boards should expect that the executive team will provide both technological and organizational structures that will implement the core principles the board has set.

  • Boards should expect management to be able to assess cyber risk in empirical and economic terms consistent with the business plan.

Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity

Read More

Join ISA

Terms & Conditions | Contact Us

CONTACT

| 703-907-7090

| admin@isalliance.org

| 2500 Wilson Blvd, #245
Arlington, Virginia 22201
USA

HELPFUL LINKS

Contact 
Calendar 
Board of Directors 
Media 
Team

ABOUT

ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.

SEARCH

Larry Clinton, President and CEO, Internet Security Alliance

Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS and G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.