
Chapter 2 - Effective Cybersecurity Principles for Boards of Directors

Summary

Cybersecurity is now a serious, enterprise-level risk and strategy challenge. Boards need to continuously assess their own effectiveness in addressing cybersecurity, both in terms of their fiduciary responsibility and their oversight of management's activities. While the approaches taken by individual boards will vary, the principles in the ISA-NACD Cyber-Risk Handbook, and the several versions adapted for various countries and regions that are now available around the globe, have been shown to offer a helpful blueprint and timely guidance.


Ultimately, the board's role is to bring its judgment to bear and provide effective guidance to management, in order to ensure that the cybersecurity program is appropriately designed and sufficiently resilient given the company's strategic imperatives and the realities of the business ecosystem in which it operates.

Key Ideas
  • It is the board of directors' responsibility to collaborate with the executive team to create a culture of security and to provide effective oversight of the executive team's cyber risk management.

  • Cybersecurity is not an IT-centric appendage but needs to be woven into the full breadth of business decisions on an enterprise-wide basis.

  • There is a core set of board-level cyber risk principles that constitutes a de facto international standard of appropriate cyber risk oversight.

  • Boards should expect that the executive team will provide both technological and organizational structures that will implement the core principles the board has set.

  • Boards should expect management to be able to assess cyber risk in empirical and economic terms consistent with the business plan.


Larry Clinton, President and CEO, Internet Security Alliance

Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS, the G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.