{"id":3420,"date":"2017-04-22T22:11:39","date_gmt":"2017-04-23T02:11:39","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis520817\/?p=3420"},"modified":"2018-12-14T12:19:58","modified_gmt":"2018-12-14T17:19:58","slug":"board-oversight-of-cyber-risk","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/2017\/04\/22\/board-oversight-of-cyber-risk\/","title":{"rendered":"Board Oversight"},"content":{"rendered":"<p>Issue\u00a090 of <strong>Board Perspectives: Risk Oversight<\/strong> published by Protiviti Inc. (\u201cProtiviti\u201d) addresses the role of Boards of Directors (\u201cBoards\u201d) in ensuring cybersecurity capabilities are continuously improving in the organizations they serve.\u00a0 Protiviti cites cyber as being amongst the top five risks for many businesses across industries, largely due to innovative IT transformation initiatives (e.g. mobile device usage, cloud computing solutions).<\/p>\n<p>Research conducted by Protiviti indicates that Board engagement in security matters has improved, and they presented the following eight \u201cbusiness realities\u201d for Boards to consider in order to maintain this trend:<\/p>\n<ol>\n<li><strong>The organization must be prepared for success.\u00a0 <\/strong>Protiviti recommends Boards ensure cybersecurity is managed in a manner that allows organizations to benefit from technological innovation through resilient policies and systems rather than overly managing cyber risk at the expense of technical evolution.<\/li>\n<li><strong>It is highly probable that the company is already breached and doesn\u2019t know it.\u00a0 <\/strong>Cyber risk events may have already occurred and\/or are underway at companies that don\u2019t have the ability to detect them.\u00a0 Protiviti suggests organizations become resistant to cyber events to protect their reputation and brand image.\u00a0 They recommend that periodic simulations of attacks be performed and the 
effectiveness of defenses assessed, and that Boards focus on the length of time it takes for organizations to detect and respond to breaches.<\/li>\n<li><strong>The board should focus on adverse business outcomes that must be managed. \u00a0<\/strong>Protiviti suggests Boards encourage focus on organizational strategies and objectives when assessing security risks as opposed to only protecting the underlying \u201ckey\u201d systems\/applications.<\/li>\n<li><strong>Cyber threats are constantly evolving.<\/strong>\u00a0 Protiviti stresses the need for evolutional protection measures in order for organizations to stay ahead of threat profiles and recommends Boards become aware of how management identifies and responds to new cyber threats.<\/li>\n<li><strong>Cybersecurity is like a game of chess, so play it that way.\u00a0 <\/strong>Protiviti cautions that reliance on technology to effectively monitor security is unsafe in today\u2019s computing environment, and suggests organizations improve their methods of delivering protective services to create enterprise-wide cyber awareness.<\/li>\n<li><strong>Cybersecurity must extend beyond the four walls. \u00a0<\/strong>In light of collaboration with third parties and increases in access extended to channel partners (e.g. 
vendors) and customers, Protiviti recommends Boards hold management responsible for assessing associated vulnerabilities and proactively implementing cost-effective solutions.<\/li>\n<li><strong>Cyber issues cannot dominate the IT budget.<\/strong> \u00a0Protiviti warns Boards that they should not allow cybersecurity spend to disproportionately suppress technological advancements, cautioning that insufficient funding for innovation could result in insolvency due to the organization\u2019s failure to remain competitive against new market entrants.<\/li>\n<li><strong>Directors should gauge their confidence in the advice they\u2019re receiving.<\/strong> \u00a0Protiviti recommends Boards consider adding technology-savvy members or advisors to assess the adequacy of expertise the Board relies on regarding cybersecurity matters.<\/li>\n<\/ol>\n<p>Protiviti also reported that cybersecurity program offices are emerging for the purpose of successfully managing large security projects in organizations that are not readily capable of managing cyber risks.<\/p>\n<p>In closing, Protiviti reiterated the need for companies to target protection investments on business outcomes, maintain awareness\/understanding of the changing threat landscape, and prepare for inevitable incidents since cyber risks will continually evolve and become increasingly difficult to manage.<\/p>\n<p>My favorite sentence in the article was: \u201cIt is always less expensive to build security into a system\u2019s design early rather than to retrofit it later.\u201d\u00a0 What\u2019s yours?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Issue\u00a090 of Board Perspectives: Risk Oversight published by Protiviti Inc. 
(\u201cProtiviti\u201d) addresses the role of Boards of Directors (\u201cBoards\u201d) in ensuring cybersecurity capabilities are continuously improving in the organizations they serve.\u00a0 Protiviti cites cyber as being amongst the top five risks for many businesses across industries, largely due to innovative IT transformation initiatives (e.g. mobile [&hellip;]<\/p>\n","protected":false},"author":21825,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[735745],"tags":[],"class_list":{"0":"post-3420","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-1-introduction-to-the-class","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/posts\/3420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/users\/21825"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/comments?post=3420"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/posts\/3420\/revisions"}],"predecessor-version":[{"id":4379,"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/posts\/3420\/revisions\/4379"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis520
8sec001spring2020\/wp-json\/wp\/v2\/media?parent=3420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/categories?post=3420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5208sec001spring2020\/wp-json\/wp\/v2\/tags?post=3420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}