Showing posts with the label GRC

Cyber Security Questions for Board of Directors

Although boards of directors have added cybersecurity risk to their agendas, there is no standard way for boards to think about cybersecurity, much less time-tested guidelines to help them navigate the issue. For boards, cybersecurity is an issue of enterprise risk. As with all enterprise risks, the key focus is mitigation, not prevention. This universally understood enterprise risk guideline is especially helpful in the context of cybersecurity because no one can prevent all cyber breaches. Every company is a target, and a sufficiently motivated and well-resourced adversary can and will get into a company’s network. Consequently, terms like “cyber defense” are insufficient descriptors of an effective posture because they evoke the image that corporations can establish an invincible perimeter around their networks to prevent access by bad actors. Today, it’s more accurate to think of the board-level cybersecurity review goa