In Focus: Information Security and Cyber Security
Over the past month we have shared articles and resources around the board’s role in cyber security, information security, and IT governance.
The topic of information security and cyber security has been receiving increased coverage recently. And it seems that businesses of all shapes and sizes – with poor cyber security governance measures – are getting hit.
If you’re like me and not an IT whiz, don’t worry. There’s plenty of information available online to help bring you up to speed and give you a basic understanding of what cyber security is and how you and your board can develop an effective information security governance program. To further help you out, here are some of my picks from around the web.
Ignorance on cyber security no longer an option for boards by Australian Financial Review
If you are a company director, you need to know that your company is under attack. It’s not your fault but it is a problem you must deal with. Cyber security is not a technical problem that should be left to IT to deal with, it’s a business issue and you must be able to demonstrate due care. Read more.
A cybersecurity guide for directors by The Conference Board Governance Center Blog
Without effective oversight and accountability, an organisation’s cyber security governance systems, policies and procedures can be rendered meaningless, leaving the enterprise vulnerable to attack. In today’s world of continually reported material data breaches, boards cannot claim lack of awareness as a defense to allegations of oversight failures. Here is a model for that can help the board establish and maintain effective cybersecurity governance. Read more.
If the above article was a little overwhelming, this guide – prepared by KPMG – will do more to hold your hand through establishing a cybersecurity governance system. It highlights the organisational cyber-risks, presents action steps for implementing a cybersecurity governance plan, three key questions for the board to regularly ask, and a helpful guide on establishing the roles of the board and management in relation to cyber-risk management. Download guide.
Cybersecurity challenges for not-for-profits by Baker Tilly
In this webinar, Cybersecurity challenges specific to not-for-profits are discussed. The conversation covers: the impact of data breaches to organisations; how cyber criminals are attacking your organisation; developing and formalising an incident/breach response plan; what your organisation can do to reduce cybersecurity risks; and, the role of the board in cyber-risk oversight. Watch webinar.
All Boards Need a Technology Expert by Harvard Business Review
Executive directors are usually selected for their leadership qualities; they often have experience with generalized management or leadership experience rather than narrow expertise or technical acumen. Why should knowledge of IT be an exception? Read more.
How to Ace Board IT Governance Without Tech Expertise by Tamara Paton
From her personal board experience, Tamara has created a simple framework to achieve reasonable assurance of an organisation’s IT strategy and operations. Tamara also shares a link to download an additional list of 50 IT governance questions that you should be asking as a board member. Read more.
If you’re more in to podcasts, TripWire has put together a list of their top information security podcasts. And for further reading on cyber-governance, check out this list of 50 top infosec blogs compiled by Digital Guardian.
Check out our Twitter and LinkedIn feeds for links to many more articles on cyber security governance. Be sure to subscribe to these channels to keep updated with information hand-picked for you and other new and aspiring company directors.