Creating a Structure for Cyber Risk Management

Bibliographic details
Published in: Bank Director 2017-10, Vol. 27 (4), p. 48-48
Main author: Browne, Brian
Format: Article
Language: eng
Description
Summary: Some areas of emphasis for this principle:
* Table Top Exercises: As a result of the varied manners in which company executives have handled data breaches at their organizations, it has become clear that proper incident response planning is not just a necessity for IT staff and management, but also for corporate executives and directors. The NACD handbook recommends that directors participate in simulations or table top exercises to become familiar with their incident response procedures and communication approach.
* Board Minutes: Formal board meeting minutes should reflect when cyber risk issues are on the agenda or discussed, whether by the full board or key committees.

In lieu of adding single purpose directors with cybersecurity expertise, boards can close this gap in other ways:
* Deep dive briefings or examinations
* Leveraging existing independent advisors, such as external auditors and outside counsel
* Participating in director education programs

Cyber Risk Management Framework
Directors should set the expectation that management will adopt an enterprise wide cyber risk management framework with adequate staffing and budget.
ISSN:1070-7611