The Culture, Media and Sport Committee said that chief executive officers (CEOs) should assume “ultimate responsibility for cybersecurity within a company” but that “day to day responsibility” for cybersecurity should be allocated to another person in the business, such as the chief information officer or head of security.
Those tasked with everyday cybersecurity responsibilities should be subject to “Board oversight” and sanctions if “the company has not taken sufficient steps to protect itself from a cyber attack”, it said.
To ensure cybersecurity is given sufficient attention at the top of businesses, however, “a portion of CEO compensation should be linked to effective cyber security, in a way to be decided by the Board”, the Committee said.
The Committee’s comments came in a new report it published at the end of its inquiry into cybersecurity and the protection of personal data, which it opened in the aftermath of the data breach experienced by TalkTalk last year.
from cyber security caucus http://ift.tt/28Kyi3h