
Cyber Resilience: Principles, Toolkits, and Frameworks for Corporate Boards


Added on  2023-06-06

About This Document

This article discusses cyber resilience and how corporate boards can develop policies and practices to ensure cyber security and continuity. It covers principles, toolkits, and frameworks for cyber resilience and provides recommendations for future considerations.

Running head: Corporate Governance and Ethics
Corporate Governance and Ethics
Name of the Student
Name of the University
Author Note
Introduction: What is cyber resiliency?
Cyber Resilience can be understood as the ability of an organization to continue its business normally despite cyber incidents. This involves the concepts of information security and organizational continuity. Here cyber incidents are those incidents that adversely affect the integrity, availability and confidentiality of information and networked information technology systems, and they can be intentional or unintentional (Rodriguez et al. 2015). The objective of cyber resilience is to ensure that an organization is able to continue its normal order of work even after cyber security incidents, through the restoration of the normal IT mechanisms from backup or contingent systems. Cyber resilience is different from Cyber Security, which deals with the security of the information system, data and IT infrastructure (Björck et al. 2015). Cyber Security ensures availability, integrity and confidentiality of digital information and the IT infrastructure (such as networked computers, routing systems and servers). Good Cyber Security helps to protect against adverse cyber incidents and is therefore high on the agenda in all business and organizational sectors (Harrop and Matteson 2015).
Since the engagement of the World Economic Forum in cyber security, two main ideas have emerged: that cyber resilience is an issue of leadership, and that organizations must go beyond cyber security to develop a more robust and effective cyber security and cyber resilience policy (Hathaway 2013; Johnson 2015; weforum.org 2017).
Discussion:
Several considerations have been outlined by the World Economic Forum that can support Cyber Resilience in an organization; these include the Principles of Cyber Resilience, the Cyber Principles Toolkit, the Board Cyber Risk Framework and the Board Insights on Emerging Technology Risks. This information can help to develop policies and practices that build cyber resilience and cyber security in an organization (weforum.org 2017). Discussed below are the considerations and how they can be used to develop best practices to initiate a Cyber Resilience Policy at the Corporate Board level:
Principles of the Board to ensure Cyber Resilience:
The main principles that should be considered by the Corporate Board include:
responsibility for cyber security and resilience, knowledge of cyber resilience, accountability,
integration, risk tolerance, risk assessment and reports, planning, collaboration, reviews and
effectiveness. These principles dictate the responsibilities of the corporate board to ensure
cyber security and cyber resilience (Ormrod and Turnbull 2018; weforum.org 2017).
Discussed next is how such principles can influence the cyber resilience policies:
The principles identified above can be used to develop a cyber resilience policy with the following implications:
1) The entire board should have the apex responsibility to oversee cyber security and cyber resilience in the organization, and can delegate some of the tasks to a risk committee or cyber resilience committee.
2) Orientation programs should be developed for the board to keep them up to date on the trends and risks in cyber security or cyber resilience, thereby enhancing their knowledge and understanding of the subject.
3) An officer should be allocated who is accountable for monitoring and reporting cyber incidents and for assessing the ability of the organization to manage protocols or implement the goals of cyber resilience.
4) Cyber resilience policies and practices should be integrated into the business plan, including the organizational risk management practice and the budgeting/allocation of resources.
5) The board should develop an understanding of the extent to which the organization can handle or tolerate adverse cyber events, both for current and future risks. This can help to set up a benchmark for the organization.
6) The board can delegate the tasks of assessing and reporting cyber security and resilience incidents, which can then be discussed in board meetings with the management.
7) A cyber resilience plan should be developed with the support of the management, with the cyber security officer developing, implementing and testing cyber security protocols and practices to improve cyber resilience.
8) The board should also collaborate with stakeholders to systematize the process of cyber resilience and incorporate their perspectives and expectations into the process.
9) An independent system for reviewing the cyber resilience of the organization should be involved; this review can be conducted every year.
10) The board also has the responsibility to review its own performance in the implementation of cyber security and cyber resilience practices, and to seek advice from independent bodies as and when required to ensure continuous development of those practices (weforum.org 2017; George 2017; Wardekker et al. 2017).
Toolkits for Cyber Resilience:
The cyber principles toolkit is important in helping board members implement better monitoring and oversight of their cyber resilience responsibilities, and it supports a more effective implementation of those practices. The toolkit is developed on the basis of the 10 principles of resiliency that can be adopted by the corporate board (Linkov and Kott 2018). Discussed below is how the toolkit can be associated with each of the principles discussed above to monitor and manage the cyber resilience of the organization:
1) To ensure responsibility for cyber resilience, the scope of the responsibilities should be discussed in detail during board meetings. This can help to determine whether the board should take complete responsibility for cyber resilience or whether it needs to be delegated to a specific committee.
2) Board members should go through an orientation program for cyber resilience when they join the organization, and should have a good knowledge of cyber security and its oversight practices. The orientation should focus on the risk perspectives of cyber security. Independent assessments can also be done to provide a benchmark to the