INTERNET SECURITY ALLIANCE

CYBERSECURITY FOR BUSINESS

Chapter 1 – Cybersecurity is (Not) an IT Issue

Chapter 2 – Effective Cybersecurity Principles for Boards of Directors

Chapter 3 – Structuring for the Digital Age

Chapter 4 – A Modern Approach to Assessing Cyber Risk

Chapter 5 – The Role of HR Functions in Scaling Cybersecurity and Building Trust

Chapter 6 – Cybersecurity and the Office of the General Counsel

Chapter 7 – Cybersecurity Audit and Compliance Considerations

Chapter 8 – Cyber Supply Chain and Third-Party Risk Management

Chapter 9 – Technical Operations

Chapter 10 – Crisis Management

Chapter 11 – Cybersecurity Considerations During M&A Phases

Chapter 12 – Developing Relationships with the Cybersecurity Team

Chapter 3 - Structuring for the Digital Age

summary

As digital transformation becomes a business necessity cyber risks are mounting. Boards at leading organizations are responding by increasingly integrating cybersecurity as a strategic element in their business plans. A natural outcome of this broader understanding of cyber risk has been an evolution in corporate structure sometimes generated by governmental regulatory oversights and sometimes by innovative business thinking. While the specific structures continue to evolve in ways unique to individual enter-prise business plans there are some themes that seem to be common. These themes include a flatter, less siloed approach engaging a multi-stakeholder grouping into the discussions on cyber risk, elevating the reporting structure for these responsible for managing cyber risk. Initial research suggests that such structures can both enhance the cyber risk management function and improve business efficiency.

Play
Play
Play
Play
Previous
Next
Key Ideas
  • Traditional corporate structures for cybersecurity are inadequate to address modern cyber risk.

  • Research demonstrates that the management of the cybersecurity function will be more effective if it is integrated and encourages communication and flexibility on the issue throughout the enterprise.

  • Management of cyber risk is not solely the responsibility of the IT department within an organization, it should be managed across the enterprise.

  • Organizations need to find the right structure to address their cyber risks based on their size, priorities, and industry. There is no one-size-fits-all structure for the digital age.

  • Non-IT executives will play an important role in leading cybersecurity teams in new structures.

Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity

Read More

Join ISA

Terms & Conditions | Contact Us

CONTACT

| 703-907-7090

| admin@isalliance.org

| 2500 Wilson Blvd, #245
Arlington, Virginia 22201
USA

HELPFUL LINKS

Contact 
Calendar 
Board of Directors 
Media 
Team

ABOUT

ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.

SEARCH

Larry Clinton, President and CEO, Internet Security Alliance

Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS and G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.