The way Dido Harding has been held to account in the wake of the TalkTalk data breach – which is reported to have cost the company up to £80 million and 100,000 customers – has shown just how important it is that the overall responsibility for an organisation’s security sits with the board, not just with the IT department.
In the UK, the Government’s national cyber security strategy identifies security as a board level responsibility, citing the importance of improving cyber awareness and risk management among businesses.
Everyone in a business has a role in keeping the company secure. Security should run through a company’s DNA. All applications and platforms should be built with security top of mind, and training given to employees so they understand the importance of things like password control, secure access to data, and so on. But it is the board that will set the example.
Board members deal daily with highly confidential information, making strategic decisions that affect, for example, share price and reputation. Yet it is often the information shared with the board that poses the biggest security risk to the business. Board members routinely handle documents that set out the strategy of the business: M&A information, negotiation details, senior executive remuneration, and financial and customer data. And still it is not uncommon for them to be excluded from the day-to-day security rules, sitting above the standards applied to the rest of the organisation.
Source: cyber security caucus, http://ift.tt/1T2SiDH