Friday, 20 November 2015

Are Boards Missing an Opportunity to Mitigate Cybersecurity Risk?

You can’t read a corporate governance publication or blog today without getting advice about the board of directors’ role in incident response planning. It’s an expected reaction as corporate officers and directors come to terms with the idea that a breach is possible – maybe even probable. Many of us in the cybersecurity industry applaud this engagement as a component of the reactive part of the strategy, but we also share a concern: are boards and C-suite leaders underestimating their role in the organization’s strategy for day-to-day resiliency against the threats?

The timeline of a breach can be long. Weeks, months or even years go by before a large-scale exfiltration or destruction of assets occurs. The point at which you discover a breach has a big impact on whether the damage is significant or not. Yet while many corporate leaders seem to be addressing the “crisis” part of a breach timeline – when revenue and reputation are severely at risk – they seem to be leaving oversight of the ongoing risk mitigation strategy in the hands of management. Frankly, if board oversight is limited to the crisis stage, we’ve failed on behalf of our shareholders and stakeholders.



from cyber security caucus http://ift.tt/1MFTzbl