Board Cyber Risk Oversight

Most boards will face difficulty as they attempt to address cyber risk management. The five main categories of barriers to action can be identified as follows: (1) lack of senior management ownership of IT security, (2) failure to link cybersecurity assessments to key organization objectives, (3) om...

Bibliographic details
Main author: Antonucci, Domenic
Format: Book chapter
Language: eng
Online access: Full text
container_end_page 21
container_start_page 11
creator Antonucci, Domenic
description Most boards will face difficulty as they attempt to address cyber risk management. The five main categories of barriers to action can be identified as follows: (1) lack of senior management ownership of IT security, (2) failure to link cybersecurity assessments to key organization objectives, (3) omission of cybersecurity from entity‐level objectives and strategic plans, (4) too much focus on internal controls, and (5) lack of reliable information on residual risk status. This chapter also presents four practical actions boards and CEOs can take to respond to cyber risk: (1) use a "five lines of assurance" approach, (2) include top objectives and specific owners, (3) establish a risk management framework, and (4) require regular reporting by the CEO.
doi_str_mv 10.1002/9781119309741.ch2
format Book Chapter
publisher United States: John Wiley & Sons, Incorporated
rights Copyright © 2017 John Wiley & Sons, Inc. All rights reserved.
identifier EISBN: 9781119309727; EISBN: 9781119309741; OCLC: 981912077; LCCallNum: HV6773.A586 2017
fulltext fulltext
identifier ISBN: 9781119308805
ispartof The Cyber Risk Handbook, 2017, p.11-21
language eng
recordid cdi_proquest_ebookcentralchapters_4837509_23_49
source O'Reilly Online Learning: Academic/Public Library Edition
subjects board oversight
cyber risk
cybersecurity
enterprise‐wide risk management (ERM)
Insurance
objectives
title Board Cyber Risk Oversight
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T10%3A37%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_wiley&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=Board%20Cyber%20Risk%20Oversight&rft.btitle=The%20Cyber%20Risk%20Handbook&rft.au=Antonucci,%20Domenic&rft.date=2017&rft.spage=11&rft.epage=21&rft.pages=11-21&rft.isbn=9781119308805&rft.isbn_list=1119308801&rft_id=info:doi/10.1002/9781119309741.ch2&rft_dat=%3Cproquest_wiley%3EEBC4837509_23_49%3C/proquest_wiley%3E%3Curl%3E%3C/url%3E&rft.eisbn=1119309727&rft.eisbn_list=9781119309727&rft.eisbn_list=1119309743&rft.eisbn_list=9781119309741&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=EBC4837509_23_49&rft_id=info:pmid/&rfr_iscdi=true