The Internet Security Alliance has updated its “handbook” for corporate boards on managing cyber risks to reflect current threats and the latest “best practices.”
“The effects of cyberattacks are expanding well beyond information loss or business disruption. They can have a severe impact on an organization’s reputation and brand through loss of consumer confidence,” said ISA and the National Association of Corporate Directors in announcing the revised guidelines released Tuesday.
The revised document, “Key Principles and Guidance for Corporate Boards,” updates a handbook issued by the groups in 2017.
The two organizations outline five guiding principles behind cyber risk management and provide tools to address insider threats, oversight of incident response, and third-party and vendor risks. The report gives guidance on “new management methods to measure cyber risk in empirical and economic terms.”
The guide was developed in collaboration with the Department of Homeland Security and the Justice Department. It is designed for use by public companies, private companies and nonprofit organizations in every sector and industry, according to the groups.