Cyber and Digital Risk as Board Level Responsibility
Added on 2022-11-28
11 Pages | 3352 Words | 87 Views
Running head: CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
Name of the Student
Name of the Organization
Author Note
With the reality of cyber security breaches ever present, there has been a strong tendency
in the board governance literature to treat cyber security risks differently from the other
risks facing the organization (Piggin 2014). Boards have long been tasked with protecting
their companies from significant risks. The duties of the board fall within six categories:
scheme, talent, culture, compliance, governance and risk. With respect to cyber security,
the board's duties in each of these categories play a critical role in the active oversight
of the company's cyber security program. Every director must possess a general understanding
of cyber security risk and what it means for the directors' responsibilities. While the
directors' basic business judgement obligations are similar for this emerging area of risk,
cyber security is itself a subject that is both complex and dynamic. For company management
and boards, a record of recent intrusions demonstrates that cyber security risk is as
significant as the other risks under the board's purview, including strategic, financial
and compliance risks (Epstein 2014). Just as boards are charged with overseeing the
company's financial systems and controls, they also have a specific duty to oversee the
company's cyber security management, including oversight of appropriate risk mitigation
strategies, procedures and controls. Without proper accountability and oversight, the
organization's cyber security governance systems, procedures and policies can be rendered
meaningless, and this will leave the entire enterprise vulnerable to
various kinds of attacks. In a world of widely reported data breaches, boards cannot claim
a lack of awareness as a defence against allegations of failure. Shareholders and regulators
are demanding much better evidence of directors' attentiveness to cyber risks (Schneider
2015). A number of cases have demonstrated that breaches result in calls for the removal of
directors, and even though directors can be re-elected, the company will face a number of
class action lawsuits.
The pervasiveness of data breaches has placed the topic of cyber security firmly on the
agenda of the Board of Directors. It forms part of the board members' responsibility to
understand the threat landscape, recent best practices and everything the company is doing
to protect its customers, shareholders and employees (van Baalen 2018). This has led to the
creation of cyber groups that work alongside other risk groups. Having a separate cyber risk
group allows the proper level of focus and oversight to be integrated into enterprise risk
management without overloading the committee with work. There are a number of key activities
that the Board of Directors and the cyber risk committee must carry out in order to minimize
risk and achieve security with a prevention mindset.
Induct: Inducting proper training to generate security awareness across all levels of the
enterprise.
Establishment: Establishing reporting protocols, as well as attestation systems, for
transferring agents and third-party vendors.
Replacement: Replacing duplicative and legacy technology with platforms that work together
natively.
Implementation: Implementing tools that strip malicious code and links from emails.
Segmentation: Segmenting parts of the network into zones of risk. This can provide
visibility into which applications and users are trying to move between them.
Leverage: Leveraging automation in the defences to reduce the burden on security teams.
Restriction: Restricting access to SaaS-based tools for employees who have no business
justification for using them.
Perform: Performing periodic risk assessments or cyber audits to determine whether any
additional vulnerabilities exist, paying specific attention to the safeguards and controls
around employee records (Schlesinger 2018).
Governance of Cyber Security
The first question that arises for boards is who owns the management of cyber security risk
at board level. Typically, boards delegate the oversight of cyber security to the audit
committee, or to the risk committee if one is part of the board's governance structure, for
a more concentrated view, with reports to the full board (Spremić and Šimunic 2018). At the
management level, the CEO is accountable to the board for managing cyber security risks.
A CEO must be looking for the information