Learn how to effectively educate and engage a board of directors on cybersecurity matters in this informative conference talk from the Central Ohio InfoSec Summit 2016. Explore the critical role of board members in overseeing organizational security, including their responsibilities, governance duties, and the importance of transparency. Discover strategies for communicating security and business value, implementing a comprehensive approach to enterprise risk management, and addressing legal implications. Gain insights into handling breaches, managing outsourcing risks, and preparing for unplanned events. Examine the challenges of educating developers, mitigating insider threats, and establishing proper governance structures. Delve into topics such as incident response, systemic escalation, and the composition of an effective board. Equip yourself with the knowledge to bridge the gap between cybersecurity professionals and board members, ensuring a strategic direction that aligns with business objectives and protects valuable assets.
Overview
Syllabus
Introduction
The role of a board member
Responsibilities of board members
Institute of Internal Auditors
Technology
Financial Loss
Institutional Shareholder Service
Where does security report
CISO vs CSO mission
Governance
Visibility
Transparency
Preventing breaches
Communication
Security and Business Value
Comprehensive Approach
Guiding Principles
Enterprise Risk Management
Legal Implications
ISO
Breaches
Industry Requirements
Policies
Cybersecurity
Assets
Outsourcing
Hurricane Katrina
Unplanned Events
Advanced Persistent Threats
Protecting Information
Challenges
Educating Developers
Insider Threats
Risks
Proper Governance
Strategic Direction
Business Issues
Incident Response
Systemic Escalation
References
Education
Being transparent
Questions
Composition of Board
Going Beyond Framework
How do you communicate
Any other questions
