Your new post is loading...
Cyber security is no longer the sole responsibility of the technical people, or even the CIO.
Following the Target breach (where immense pressure was placed to replace most of the board members after the breach), and board members of Target and Wyndham Worldwide (hotel chain) face derivative lawsuit related to the data breaches. Recent survey reveal that nearly half (45%) of senior management acknowledge that the C-suite and senior leadership themselves are responsible for protecting their companies against cyber-attacks, and the U.S. Securities and Exchange Commission recently published a paper on the Role of the Boards of Directors in Overseeing Cyber-Risk Management, where it recommends:
Cyber-risk must be considered as part of the board’s overall risk oversight: “boards that choose to ignore, or minimize, the importance of cyber security oversight responsibility, do so at their own peril.”
Boards should assess the corporation’s cyber security measures including corporate policies and annual budgets for privacy and IT security programs. And perhaps, more critically, highlights the significance of cyber-risk education for directors, ensuring that the board be at least adequately represented by members with a good understanding of information technology issues that pose risks to the company.
Learn more:
- http://www.sec.gov/News/Speech/Detail/Speech/1370542057946
- https://gustmees.wordpress.com/2012/10/11/learning-basics-of-cyber-security-by-easy-to-follow-steps/
- https://gustmees.wordpress.com/2012/07/11/cyberhygiene-hygiene-for-ict-in-education-and-business/
Ignore it at your own peril