Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Corporate Governance and Cyber Resilience: Recommendations for Board of Directors

Verified

Added on 2023/06/03

AI Summary

This report provides recommendations to the board of directors for the integration of cybersecurity and resilience protocols. The report is relevant to the subject of corporate governance and can be used for the course code XYZ in the college/university ABC.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Corporate
Governance
Running Head: Corporate Governance 0
Student’s Name

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

CORPORATE GOVERNANCE 1
Contents
Covering Letter...........................................................................................................................................2
Annexure A......................................................................................................................................3
Introduction......................................................................................................................................3
Cybersecurity System......................................................................................................................4
The need for Cybersecurity.............................................................................................................4
Cyber Resilience..............................................................................................................................5
Common Cyberattacks.....................................................................................................................6
Cybersecurity and Management......................................................................................................7
Conclusion.....................................................................................................................................10
References......................................................................................................................................12

CORPORATE GOVERNANCE 2
Covering Letter
To Date: 22 January 2019
The Board of Directors
Subject: - Recommendations on the application of cyber resilience protocols
Respected Sirs/
As asked by you, i have prepared a report on the matter of cybersecurity and resilience protocol
of organization. The report is attached herewith as Annexure “A” and it is to hope that the same
would fulfill the purpose.
Thanking you
Anni Watson
Corporate Governance Consultant

CORPORATE GOVERNANCE 3
Annexure A
Introduction
In the current era, the use of technologies in businesses is very normal. In the context of an
organization, technology refers to the computers, database, internet, networks and so on
(Learn.org, 2019). Organizations use these technologies with the purpose to reduce the human
efforts and to bring out more productivity out of the business activities. There are many benefits
of these technologies that an organization enjoys. Nevertheless, the negative side of such use is
also there. Use of technology also brings certain dangers for the organization, which is closely
related to cyber-attacks. A cyber attack can be understood as an attack on a computer system or
network with the intention to destroy or damage the same. A cyber-attack can be done in many
forms, which attract the negative results on the functioning of an organization (Lehto and
Neittaanmäki, 2018). Hacks and data breaches are the most common of cyber threats that an
organization often faces. In order to protect the local networks and database from such attacks, a
proper system of cybersecurity is required in an organization. In such a manner, the management
of an organization is responsible to ensure the accountability, integrity, and confidentiality in the
use of technology.
By reviewing the cyber-attack cases on daily basis, this is clear that hackers are developing
techniques of hacking day by day and therefore the cybersecurity system of an organization must
be capable to mitigate the risks out of the incidents of hacking. The report is targeted at briefing
the different elements of cybersecurity in the organization. The meaning of cyber resilience, the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

CORPORATE GOVERNANCE 4
requirement of the same, the role of the board is mentioned in the report. In conjunction with
this, a set of recommendation is provided for the board of directors, which they can use while
integrating cybersecurity protocol.
Cybersecurity System
Cybersecurity system is referred to as the protection of the internet-connected system
(Economictimes.indiatimes.com, 2019). This also includes the protection of data, software, and
hardware from cyber attacks. The lead objective of this system is to provide a safeguard to data
centers and other computerized systems from unauthorized access and another kind of cyber-
attacks (Rouse, 2018). Every organization has different cybersecurity system according to the
nature of business operations.
The need for Cybersecurity
This is also necessary to know that what the requirement of cybersecurity system is. The role of
cybersecurity system is very crucial in every organization. In the world of technology, the data of
any business is available and secured to the computer systems. Cyber-attacks can destroy all
these information within few seconds. The need for cybersecurity is not limited to the protection
of business information but the same is extended up to the information related to client and other
stakeholders (Pribanic, 2018). Organizations have huge data on their systems and therefore the
development of cybersecurity is an essential act to do. Following are some of the incidents that
can happen in the absence of a cybersecurity system:-
Financial Frauds

CORPORATE GOVERNANCE 5
Loss of privacy
Manipulation of data
Reputational damages
In addition to the aforementioned issues, the issue of intellectual property right protection is also
a concern. Hackers often breach the privacy of others and use their intellectual property in their
own name. The public keeps trust in an organization and the same breaches when an issue of
data leakage comes into notice. To prevent the aforesaid as well as other issues in the
organization, the cybersecurity system needs to be in place.
Cyber Resilience
Before providing the recommendations to board in respect to integration of cyber resilience
protocols, it seems to be important to have a look upon this term once. It is a relatively new term
and is similar to cybersecurity. However, there is a difference between cybersecurity and cyber
resilience (Shoemaker, Kohnke and Sigler, 2018). According to the definition provided by
Australian Securities & Investments Commission, cyber resilience is the ability of an
organization to-
Prepare for
Respond to and
Recover from the cyber attack
Resilience is not limited to the prevention of a cyber-attack but the same also include the ability
of an entity to operate during a cyber-attack and to recover out of a cyber-attack
(Senseofsecurity.com.au, 2019). Cyber resilience is helpful for an organization at the event of
cyber-attacks.

CORPORATE GOVERNANCE 6
Common Cyberattacks
A cyber-attack has many of the forms and the cybersecurity manager of the organization is
required to be aware of these forms of an attack. The same can lead the economic as well as
reputational damages to the organization. Few of the most common kind of cyber-attacks are
discussed below-
Phishing: - This is the most general kind of cyber-attack. The lead victims of this fraud
are the innocent individuals that are not well versed with the technology. In this kind of
cyber fraud, hackers send some e-mails or text messages to the people, which look like e-
mails from authentic sources (Incapsula.com, 2019). Nevertheless, in actual these e-mail
comes from the fraud sources and the lead purpose of such e-mails are to steal the
personal and sensitive data. For instance, login credentials and credit card details (Rost
and Glass, 2011). By way of phishing, a hacker can get the details of clients, customers,
or suppliers of an organization.
Malware: - The lead intention of this cyber-attack is to make harm to the computer
system or network by using a program or program or a file. These programs and files are
known as malware. Spyware, Trojan horses, worms, and computer viruses are examples
of malware (Parkinson, Crampton and Hill, 2018). Malware usually attacks a system
when a user clicks on some dangerous links. The damages happen because of malware
are the potential base to get the information out of a system.
Password attack: - Usually organization keeps the confidential data secured with a
password. In such a situation, the possibilities of password attacks are very high. Hackers
required a password to access the client database, payment details, and other sensitive

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

CORPORATE GOVERNANCE 7
information. Hackers generally use script or program to crack the passwords (Mittal,
2018).
Social Media Threats: - Organizations these days using social media as the method of
business promotion. Companies address the public information through this mode but the
same can prove dangerous for the entity (Frias and Cordero, 2018). With the use of social
media, numbers of social media threats are also increasing. Hackers can make the fake
account on the name of the company and can get confidential information from the
partners and other stakeholders. Such attacks are also a risk to the reputation of the
company as hackers post the information that leads the adverse results to the public
image and goodwill of the organization.
The above are only a few examples of cyber-attacks. In actual an organization faces many other
challenges related to the security of network systems. These challenges are identity theft and
cyber attacking, e-mail bombing and many others. In addition to this, the cyber-attacks also
increase the other crimes in the organization such as internal fraud, money laundering, and
others.
Cybersecurity and Management
With the development of corporate governance principles by Australian Stock Exchange, now it
is the responsibility of the board of directors of the company to ensure the development of good
governance. All the stakeholders look forward to the management of the company for the best
practices. The board of directors the people responsible for good as well as bad corporate
governance and therefore they are required to work in the best possible mode and manner. Data
security is just another area of operation where the best judgment rule of the board is required.

CORPORATE GOVERNANCE 8
Regulators expect the board as well as the overall management of the company to plan their
cybersecurity structure in an intelligent and effective manner. In recent time, APRA, as well as
ASIC, issued certain guidelines in order to improve corporate resilience (Kommers, Isaias and
Issa, 2014). In this manner, it seems to be necessary to develop the cybersecurity at board level.
Apart from ASIC and APRA, the world economic forum is also working in the sector of
cybersecurity of the organization and has issued the tools and principles for the board to advance
the cyber resilience (Schwab and Davis, 2018). The tools offered by the forum are mainly
focused on the governance and strategy. The board of the company has significant governance
functions that include the governance of the overall organization. To initiate the cybersecurity
and resilience protocol effectively on board level, certain recommendations have been made,
which are mentioned as follow:-
 Responsibility: - The board of directors is required to take responsibility for cyber
resilience. Board is the highest management of an organization and is such a manner
should take the ultimate responsibility of cybersecurity (Bloomberg.com, 2017). Here,
the board is recommended to share the scope of cyber resilience and the same can also
develop some committees such as cyber resilience committee to oversee the related
activities. The responsibilities and functions of all the personnel should be clearly defined
at executive as well as operational level.
 Regular Updation:- Board should keep itself updated with the latest cyber-attacks or in
other words the same should have the latest knowledge of the subject. If the members of
board find themselves unable to get the update of the latest trends then the same are
advised to take the help of independent or outsider expert.

CORPORATE GOVERNANCE 9
 Integration with overall governance:- The board needs to know that cybersecurity
functions are also a part of corporate governance and the same should be part of the
overall corporate governance structure. In other words, this is to say that the board should
consider the cybersecurity as one of the activities of the company while allocating the
budget and reviewing the risk management system of the entity.
 Accountable officer: - In order to ensure the continued corporate survival and improved
business performance, the board is advised to make a person liable for the reporting and
review of matters related to cybersecurity. However the whole board is responsible to
review the issues related to cyber-attacks, but appointing a person particularly for this
purpose or making the same accountable can smooth the practices at board level.
 Risk Assessment: - Only development of cybersecurity protocols is not enough but the
assessment of the same is equally significant. The board is required to instruct the
accountable officer to prepare the risk assessment report for the consideration of the
board. Board in this manner holds the manager responsible to timely review all the cyber-
attack incident and threats and to prepare a quantified report on the same.
 Risk appetite:- The board is required to timely review the risk tolerance level of the
organization with respect to cyber-attacks. The further board is to ensure that the cyber-
attack event was under the limit of set standards (Weforum.org, 2017). In addition to this
board is advised to timely review the past as well as future risk exposures along with the
industrial benchmark and regulatory requirements.
 Review: - Similar to every other managerial plans and practice, the cybersecurity
protocols and practices are also required to be a review. The lead purpose of this review
is to check the victory and letdowns of the cyber resilience protocols. With the help of

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

CORPORATE GOVERNANCE 10
this review, the board can come to know about the gaps in the present system. Further,
this is also necessary to state that such review should not be a one-time process but is
required to be continuing ever.
 Amendments: - After reviewing the loopholes and failures of current cybersecurity
policy, the board would be able to make the changes in the same. Here it becomes the
responsibility of the board to make the amendments wherever is require and to
communicate the same to all the people involved in the process.
The above points are simply a recommendation and views of the directors are invited on the
same.
Conclusion
In order to wrap up this report, this is to mention that after reviewing the same one is expected to
understand the value of cybersecurity in the organization. In the world full of technology,
chances of cyber attacks are very high. Organizations from all the industry are facing the issue of
system failure and facing economic as well as goodwill loss. Hackers these days are being smart
and updated and therefore the traditional methods and techniques seem to fail. Subjective report
developed it is focused on many terms related to the topic. Starting from the general
introduction, the meaning and requirement of cybersecurity system have been discussed.
Assuming that chairperson, as well as other board members, have the basic knowledge of the
technical terms, the meaning of the same has not been prescribed. Further, some basic kind of
cyber-attacks has discussed in the report, as the board is required to be aware of the same.
Further, among these common cyber-attacks, few such as Malware, phishing, social media
threats have defined in details. These all information has been included in the report with the

CORPORATE GOVERNANCE 11
purpose to make the board well versed with the related terms. Further, while describing the role
of the board in the cyber resilience, recommendations have been made for the same. These
recommendations are generally the activities that the board is advised to do while dealing with
the issue of cyber-attacks and implementing the cybersecurity policies. Some of the means that
have suggested are a risk assessment, regular updation, and review and so on. By using these
means and practices, board best integrate its cybersecurity and resilience protocols.

CORPORATE GOVERNANCE 12
References
Bloomberg.com,.(2017) Advancing Cyber Resilience: Principles and Tools for Boards. [online]
Available from: https://www.bloomberg.com/news/sponsors/zurich/advancing-cyber-resilience-
principles-and-tools-for-boards/?adv=6712&prx_t=ppUCA7aYMAM0ANA&ntv_fr [Accessed
on 23/01/2019]
Economictimes.indiatimes.com. (2019) Definition of 'Cyber Security'. [online] Available from:
https://economictimes.indiatimes.com/definition/cyber-security [Accessed on 23/01/2019]
Frias, T., and Cordero, J. (2018) Cybersecurity: On Threats Surfing the Internet and Social
Media. Telly Frias Jr Cordero.
Incapsula.com. (2019) Phishing Attacks. [online] Available
from:https://www.incapsula.com/web-application-security/phishing-attack-scam.html [Accessed
on 23/01/2019]
Kommers,P., Isaias, P., and Issa, K. (2014) The Evolution of the Internet in the Business Sector:
Web 1.0 to Web 3.0. USA: IGI Global.
Learn.org (2019) What Is Computer Internet Technology?. [online] Available from:
https://learn.org/articles/What_is_Computer_Internet_Technology.html [Accessed on
23/01/2019]
Lehto, M., and Neittaanmäki, P. (2018) Cyber Security: Power and Technologyi.
Switzerland :Springer.
Parkinson, S., Crampton, A., and Hill, R. (2018) Guide to Vulnerability Analysis for Computer
Networks and Systems: An Artificial Intelligence Approach. Switzerland :Springer.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

CORPORATE GOVERNANCE 13
Pribanic, E. (2019) Role of Cybersecurity in an Organization. [online] Available from:
https://www.techfunnel.com/information-technology/role-cyber-security-organization/
[Accessed on 23/01/2019]
Rost, J. and Glass, R., L. (2011) The Dark Side of Software Engineering: Evil on Computing
Projects. John Wiley & Sons.
Rouse, M. (2019) Cybersecurity. [online] Available from:
https://searchsecurity.techtarget.com/definition/cybersecurity [Accessed on 23/01/2019]
Schwab, K., and Davis, N. (2018) Shaping the Future of the Fourth Industrial Revolution: A
guide to building a better world. UK: Penguin UK.
Senseofsecurity.com.au. (2019) What is Cyber Resilience?. [online] Available from:
https://www.senseofsecurity.com.au/what-is-cyber-resilience/ [Accessed on 23/01/2019]
Shoemaker, D., Kohnke,, A, and Sigler, K. (2018) How to Build a Cyber-Resilient Organization.
NW: CRC Press.
Weforum.org. (2017) Advancing Cyber Resilience Principles and Tools for Boards. [online]
Available from: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-
Tools.pdf [Accessed on 23/01/2019]

1 out of 14

+13062052269

info@desklib.com

Corporate Governance and Cyber Resilience: Recommendations for Board of Directors

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Corporate Governance and Ethics: Cybersecurity Policy of the Company

Strategies for Cybersecurity and Resilience in Organizations

Cyber Security in Corporate Governance: Ways to Improve Cyber Resilience and Integration with Cyber Security

Cyber Security and Cyber Resilience: A Board of Directors' Guide

Cyber Security and Resilience: Best Practices for Organizations

PfSense: A Comprehensive Cybersecurity Tool for Intrusion Detection System