Cybersecurity: Guiding Principles for Board of Directors

By Kamran Ahmed | At February 12, 2019


Businesses of all sizes and from almost all industries are exposed to potential cyber-attacks. High-profile cyber-attacks in recent years have triggered enhanced scrutiny of the BOD’s readiness to tackle imminent attacks. The boardroom is now under the watchful eyes of regulatory authorities, shareholders, and customers. Even though the significance of cybersecurity at the Board level is discernible in most companies, it is often challenging to transform that awareness into practical steps that can be implemented.

There is general anxiety in the boardroom when it comes to the readiness to cope with a major cybersecurity incident. The National Association of Corporate Directors (NACD) said in its report that about 89 percent of public corporation directors discuss the topic of cybersecurity frequently in their meetings, but fewer than 40 percent are confident that their companies are safe from possible cyber-attacks.

There is no doubt that balancing profitability and growth against the security of corporate data in a highly competitive atmosphere can be a challenging task. Below, I have provided some guiding principles for the BOD to put effective cybersecurity oversight in place in such an environment. These principles are based on the NACD findings.

Guiding Principles

The board of directors can adopt and tailor these principles to their unique requirements, such as company size, strategies, business operations, industry, and geographic footprint.

Principle 1: Hold Board Level Cybersecurity Meetings

Some companies hold cybersecurity meetings at the board level, whereas others assign the matter to committees such as the technology, audit, and risk committees. In either case, the board of directors must be updated on cybersecurity matters at least twice a year, and whenever events and circumstances necessitate it.

While putting cybersecurity on the meeting agenda as an individual item is now the norm, the matter must also be discussed during full-board meetings that involve:

  • Mergers and acquisitions
  • Business plans and product development
  • Acquisition and deployment of new technologies
  • Development of new procedures
  • Capital investment decisions like business expansion and technology upgrades

Principle 2: Understand the Legal Repercussions of a Cybersecurity Event

The legal and regulatory environment surrounding cybersecurity is continuously changing. The board of directors must keep up with the new regulatory requirements for their companies, and they should know what legal implications their organizations may face in case of a cybersecurity incident.

Public corporations are obliged to publicly disclose the cybersecurity incidents and risks that their organizations have faced or are facing. The boardroom should take into account the following factors:

  • The frequency of earlier cyber attacks
  • The severity of the cyber incidents
  • The likely costs and consequences that a cyber incident can cause
  • The effectiveness of the preventive actions taken in the past

Principle 3: Have Easy Access to Cybersecurity Professionals

To help the BOD get a high-level cybersecurity understanding, organizations should:

  • Arrange expert-level briefings and get cybersecurity assessments done
  • Involve third-party cybersecurity professionals in the briefings and assessments
  • Get cybersecurity insights and recommendations from the boardroom’s current advisors who have expertise in, and an industry-wide outlook on, the evolution of cyber risk
  • Support and organize educational programs for the BOD on cybersecurity and risk management

Principle 4: Comprehensive Cyber-Risk Management Structure

The board of directors must establish a clear and well-defined expectation that the management will put in place a company-wide cyber-risk management structure. While there isn’t a standard method for doing this, you may consider starting with the Cybersecurity Framework developed by the National Institute of Standards and Technology (“NIST”). You can use this elementary structure as a foundation and then layer your industry-specific requirements on top of it. Establishing your expectations for the management alone is not sufficient. The BOD must also allocate human, financial, and technological resources to the management for the development and implementation of the cybersecurity framework.

Conclusion

The cybersecurity incidents that have shocked the world during the last five years and the evolving legal and regulatory environment imply that, for the board of directors, just being aware of cyber risks is not enough. Governments, customers, regulatory authorities, and shareholders now want the boardroom to be involved in continuously enhancing the cybersecurity of their organizations. Boards of directors should constantly assess the capacity of their companies to cope with cybersecurity incidents. Even though each company will come up with a cyber risk management strategy that suits its needs, the principles that I have outlined above can help you make a good start.
