7 cyber security questions for boards

"Risk oversight is a function of the full Board…yet"
NACD DIRECTOR'S HANDBOOK SERIES 2014 EDITION
Did you know 50% of Boards see cyber security as an I.T. issue?
That means 50% are doing it wrong.
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey (source for the statistics that follow)

Full Board involved in cyber risks = 25%. Good.
No Board involvement in cyber risks = 30%. Bad.
26% of Boards say the CISO or CSO makes a presentation to the Board once a year. Ugly.
28% say their security leaders make no presentations at all. Uglier.

What about 3rd party vendors?
23% do not evaluate 3rd parties - that number is probably much higher.

Cyber training is neglected (KPMG Poll):
Only 50% of employees receive periodic cyber training.
Only 50% of employees receive initial cyber training.
So here are the 7 questions

1. How are key business processes affected by different types of cyber attacks? (i.e. ransomware, denial of service, data breach, etc.)
   Leads to discussion on what type of cyber security we have and why.

2. Is our physical security adequate, and is it congruent with our cyber security?
   The two are interrelated. (NACD DIRECTOR'S HANDBOOK SERIES 2014 EDITION)

3. Who are our 3rd party vendors, and what risks do they pose?

4. Who is responsible for cyber security training? HR, IT, CISO, etc?

5. Have officers and directors received cyber security / information assurance training?
   These are high profile, high risk positions.

6. How do we vet our administrators?
   Snowden was a contractor…just saying. Who's working for you?

7. Who does the CISO report to and why?

Cyber security questions for boards
1. How are key business processes affected by different types of cyber attacks?
2. Is our physical security congruent with our cyber security?
3. Who are our third party vendors?
4. Who is responsible for cyber security training?
5. Have officers and directors received cyber security training?
6. How do we vet our administrators?
7. Who does the CISO report to?
www.paulmcgillicuddy.com
Share please