Leveraging Board Governance for Cybersecurity

The 2019 Mass Insight report produced for the ACSC recently formed the basis for the CSO Online article linked below:

https://www.csoonline.com/article/3641635/13-traits-of-a-security-conscious-board-of-directors.html

Five key elements emerged from the interviews conducted for the report:

  • The Board's Strategic Risk Role: the board’s approach to cybersecurity should be strategic and risk-focused with an understanding of how cyber operations function within the overall business context.

  • Building Board Cyber Expertise: a board should have a baseline knowledge of both digital strategies and cybersecurity challenges in order to fulfill the role of risk oversight and governance; this responsibility should not fall disproportionately on one board member's shoulders.

  • Aligning the Board Role and Corporate Structures: boards need to understand an organization’s cybersecurity responsibilities and establish a clear ownership structure for receiving cyber updates and reviewing digital strategies and risk.

  • Overseeing Cybersecurity and Digital Transformation Budgets: boards should understand how security investments and broader IT and technology commitments intersect through the review of a multi-year strategic IT plan inclusive of transformation budgets.

  • Developing Cyber Risk Methods and Frameworks: boards should prioritize the development of next generation, outcome-based cyber-risk frameworks that can create alignment between risk and investment.
