Board Cyber Risk Oversight


Bibliographic details

Main author: Antonucci, Domenic
Format: Book chapter
Language: English
Online access: Full text

Description
Summary: Most boards will face difficulty as they attempt to address cyber risk management. The five main categories of barriers to action can be identified as follows: (1) lack of senior management ownership of IT security, (2) failure to link cybersecurity assessments to key organization objectives, (3) omission of cybersecurity from entity-level objectives and strategic plans, (4) too much focus on internal controls, and (5) lack of reliable information on residual risk status. This chapter also presents four practical actions boards and CEOs can take to respond to cyber risk: (1) use a "five lines of assurance" approach, (2) include top objectives and specific owners, (3) establish a risk management framework, and (4) require regular reporting by the CEO.
DOI: 10.1002/9781119309741.ch2