Corporate Governance and Cyber Resilience: Detailed Report


Added on  2019/11/12

AI Summary
This report delves into the critical intersection of corporate governance and cyber resilience. It begins by defining cyber security and its various elements, including application, information, network security, and disaster recovery. The report emphasizes the crucial role of the board in establishing and maintaining cyber resilience, outlining principles such as responsibility, knowledge, and risk assessment. It explores embedding cyber resilience through assessing exposure, developing security measures, and planning for incident response. A significant portion of the report is dedicated to the board cyber risk framework, covering risk tolerance, identification, and management actions, including mitigation, transfer, acceptance, and avoidance. The report also analyzes the impact of cyber security incidents on businesses, highlighting common threats like data breaches and ransomware. Finally, it discusses considerations for purchasing cyber risk insurance and provides a forward-looking perspective on the future of cyber resilience, offering insights into how boards and business leaders can navigate evolving threats and ensure organizational security.
Running Head: Corporate Governance
Contents
Introduction
Elements of cyber security
  Application security
  Information security
  Network security
  Disaster Recovery
Cyber Resilience Principles for Board
Embedding cyber resilience
Board Cyber Risk Framework
Lingering cyber risk portfolio post threat management or mitigation actions
Businesses impacted by cyber security incidents
Considerations while purchasing cyber risk insurance
Future of cyber resilience
Conclusion
References
Introduction
Cyber security, or information technology security, is the practice of protecting networks, computers, programs and data from attack, damage or unauthorised access intended for exploitation. In a computing context, security covers both cyber security and physical security. One of the most challenging aspects of cyber security is that the risk is immediate and constant. The conventional approach has been to concentrate most resources on the critical items to guard against major threats, which leaves the less critical components, and even some less serious threats, unprotected. This kind of approach is inadequate in the present scenario.
Cyber security demands focus and dedication. Cyber security professionals face several challenges, among them kill chains, zero-day attacks, ransomware, alert fatigue and budgetary constraints. They need a strong understanding of these topics and many others in order to tackle those challenges efficiently.
According to Forbes, the worldwide cyber security market had risen to $75 billion for the year 2015 and is projected to reach $170 billion in 2020.
Various elements of cyber security
Cyber security has several elements, including: 1. application security, 2. information security, 3. network security and 4. disaster recovery / business continuity planning.
Application security
Application security covers the procedures applied throughout the development life cycle to protect applications from threats that arise from flaws in application design, development, deployment, upgrade or maintenance (Hashim et al., 2016). Methods used for application security are as follows:
o Input parameter validation
o User/role authentication and authorisation
o Session management, parameter management and exception management
o Auditing and logging
Information security
Information security protects information from unauthorised access in order to avoid identity theft and to protect privacy. Some techniques used for this are as follows:
o Identification, authentication and authorisation of users
o Cryptography
Network security
Network security comprises the measures that safeguard the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network (Leclair, 2015). Network security consists of:
o Antivirus and anti-spyware
o A firewall, to block unauthorised access to the network
o Intrusion Prevention Systems (IPS), to identify fast-spreading threats such as "zero day" or "zero hour" attacks (Group, 2017)
o VPNs, to provide secure remote access
Disaster Recovery
Disaster recovery is a process that involves performing risk analysis, setting priorities and developing recovery plans to protect against any kind of disaster. Every business must establish disaster recovery measures so that routine business operations can resume as quickly as possible after a disaster (Stitilis et al., 2017).
Cyber Resilience Principles for Board
Responsibility for cyber resilience: The board as a whole is accountable for oversight of cyber threats and resilience. The board may delegate primary oversight to a standing committee (e.g. a risk committee or cyber resilience committee).
Command of the subject: Board members are briefed on the various aspects of cyber resilience upon joining the board and are updated regularly on the latest threats and trends.
Accountable officer: The board nominates one corporate officer to report on the organization's capability to achieve cyber resilience and to recommend steps for executing cyber resilience objectives. The officer has regular access to the board, knowledge of the subject, and adequate skills, understanding and resources to perform these duties.
Integration of cyber resilience: The board ensures that management integrates cyber resilience and cyber risk assessment into overall business strategy and into budgeting and resource allocation (SBS Team, 2017).
Risk assessment and reporting: The board holds management accountable for reporting a measured and comprehensible assessment of cyber risks, threats and events as a standing agenda item during review meetings. The assessments are validated using the cyber risk framework.
Resilience plans: The board ensures that management supports the officer accountable for cyber resilience in the creation, implementation, testing and ongoing improvement of cyber resilience plans, which are suitably coordinated across every part of the business. The nominated officer monitors performance and reports on it regularly to the board.
Community: The board encourages management to collaborate with other stakeholders, as relevant and appropriate, to facilitate systemic cyber resilience.
Review: The board ensures that a formal, independent cyber resilience review of the organization is carried out annually.
Effectiveness: The board periodically assesses its own effectiveness in implementing these principles, or seeks independent advice for continuous improvement (ASIC, 2016).
Embedding cyber resilience
Ascertain the degree of exposure to cyber risk: Identify the information and other assets, such as intellectual property, personnel and financial information, that are critical to the organization. Make sure that any cyber incident is dealt with promptly and effectively. Regularly review the level of awareness of cyber risk within the organization.
Develop and execute measures to safeguard the organization: Continually upgrade the company's security policies and methods, including monitoring and auditing policies and processes. Recognize that cyber security is also about people and not just technology, so ensure that everyone involved is appropriately trained. This includes the following:
o Raising awareness of cyber security threats and vulnerabilities in a broader perspective, to engage personnel (Vai et al., 2016).
o Presentations, role plays and exercises on cyber security matters, to increase engagement and attention.
o Tasking other departments to assist the IT security department.
Position the assets (both personnel and technological) needed to detect a cyber breach early. Implement and continuously improve processes and procedures for timely investigation. Collaborate with peer groups and agencies to enhance the organization's cyber intelligence capabilities (Wilding, 2016).
Plan and prepare response to, and recovery from, a cyber intrusion: Implement and repeatedly test a data breach response plan. Implement and regularly test business continuity and disaster recovery arrangements, such as storing the data in the cloud (Conclin, 2017).
Board Cyber Risk Framework
The assessment of cyber risk informs the overall cyber security programme by providing the information needed to prioritize risk management actions within the programme. The board is required to understand and evaluate the following:
1. The organization's existing risk tolerance with respect to its cyber threats and business plans.
2. The cyber threats faced by the organization.
3. Threat management or mitigation actions and their related costs (Ellisen, 2017).
Lingering cyber risk portfolio post threat management or mitigation actions
The procedure is described under the following heads:
1. Examination of the cyber risk portfolio
2. Guidance on the relevance of the framework
3. Overview of risk benchmarking (HPE, 2016).
The issues below are critical when a board reviews the cyber risks that can affect the organization:
1. Cyber risk tolerance level/risk appetite: The board is required to align the overall risk tolerance standards with the executive team. A joint effort by the board and the executive team is required to meet the long-term sustainability requirements of the shareholders it represents. The discussion should take into consideration future strategic issues, the likely market conditions and the competitive position of the organization. It is necessary to look at the organization's ability to withstand material threats and to balance the value of the risk borne against the likely return that comes with it. This conventional risk of doing business includes different types of risk, both traditional types such as credit risk and new ones such as cyber risk. Consequently, the risk tolerance level for each type, and for cyber risk in particular, must be determined (Campbell & Lautenbach, 2017).
2. Cyber risk identification prior to management actions: The identification of the company's cyber risk portfolio is presented to the board by the executive committee. The portfolio should take legal, operational, financial, strategic and reputational considerations into account. It will generally consist of a significant collection of cyber risks, each characterised by two major factors, risk probability and risk impact, both of which can vary to extreme levels.
3. Risk management actions: After evaluating the existing cyber risks and agreeing on their probability and impact, the board is required to assess the risk management steps that have been proposed. Risk management steps are part of the organization's cyber security programme. Possible types of management measures comprise:
Mitigation actions - Each mitigation action has an associated budget and an expected reduction of risk. Risks can be mitigated through technical, physical, managerial and administrative capabilities. Some examples are:
o Risk controls targeting people and culture, such as employee training.
o Organizational risk controls such as governance policies, authority, and sharing of intelligence across industries, or mutual assistance and coordinated responses.
o Administrative risk control measures, such as asset portfolios and risk cataloguing.
o Technical risk control measures such as firewalls, detection capabilities, recovery capabilities and physical access controls.
Transfer actions - Transfer of risk through insurance agreements in the risk market.
Acceptance actions - Risks that are minor or cannot be reduced effectively may be accepted.
Avoidance actions - Risks that fall outside the organization's risk tolerance are to be avoided (e.g. a product being withheld from the market).
The board is required to recognize the actions to be taken and those that are deliberately not taken. The executive committee has to prioritise the risks and judge whether the actions taken are the most effective options (Ellisen, 2017).
4. Residual risk portfolio: The residual portfolio is the level of risk that the board accepts on behalf of the shareholders and stakeholders. Applying risk management measures to the identified cyber risks changes the organization's actual risk exposure, and the residual risks are the end result. The board is required to make sure that the total residual portfolio, together with the cost of risk mitigation, avoidance and transfer, remains below the risk tolerance level summarised above. The board should ensure that management places the residual cyber risk within the organisation's operational risk portfolio, and that it is updated regularly.
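To make the framework's arithmetic concrete, here is an added example written for this page (not code from the report or its sources): a small Python risk register in which each risk has a probability and an impact, each board decision is one of the four action types with a budget and an expected reduction, and the board check is that residual exposure plus action cost stays under the tolerance. All risk names and figures are constructed; a risk with no recorded decision is treated as an error rather than silently accepted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # likelihood of the event in the review period, 0..1
    impact: float       # loss if it occurs, in currency units

    def expected_loss(self) -> float:
        return self.probability * self.impact

@dataclass(frozen=True)
class Action:
    risk: str
    kind: str               # "mitigate", "transfer", "accept" or "avoid"
    cost: float             # budget consumed by the action
    reduction: float = 0.0  # share of expected loss removed (mitigate/transfer)

    def effective_reduction(self) -> float:
        # Acceptance keeps the whole exposure; avoidance removes all of it.
        if self.kind == "accept":
            return 0.0
        if self.kind == "avoid":
            return 1.0
        if self.kind not in ("mitigate", "transfer"):
            raise ValueError(f"unknown action kind: {self.kind}")
        if not 0.0 <= self.reduction <= 1.0:
            raise ValueError("reduction must be between 0 and 1")
        return self.reduction

def residual_portfolio(risks, actions):
    """Apply one board decision per risk and return
    (residual expected loss per risk, total residual, total action cost)."""
    decisions = {a.risk: a for a in actions}
    residual, total_cost = {}, 0.0
    for r in risks:
        # A risk nobody decided on is a gap in the portfolio, not an acceptance.
        if r.name not in decisions:
            raise ValueError(f"no board decision recorded for risk: {r.name}")
        a = decisions[r.name]
        residual[r.name] = r.expected_loss() * (1.0 - a.effective_reduction())
        total_cost += a.cost
    return residual, sum(residual.values()), total_cost

def within_tolerance(risks, actions, tolerance):
    """Board check: residual exposure plus the cost of mitigation, transfer
    and avoidance must stay under the agreed risk tolerance."""
    _, total_residual, total_cost = residual_portfolio(risks, actions)
    return total_residual + total_cost <= tolerance

# Constructed sample register (illustrative figures only, not report data).
SAMPLE_RISKS = [
    Risk("ransomware", 0.22, 500_000),
    Risk("phishing", 0.18, 100_000),
    Risk("supplier data breach", 0.044, 1_000_000),
    Risk("legacy product exposure", 0.10, 200_000),
    Risk("website defacement", 0.025, 40_000),
]
SAMPLE_ACTIONS = [
    Action("ransomware", "mitigate", cost=20_000, reduction=0.6),
    Action("phishing", "mitigate", cost=5_000, reduction=0.5),
    Action("supplier data breach", "transfer", cost=8_000, reduction=0.75),
    Action("legacy product exposure", "avoid", cost=15_000),
    Action("website defacement", "accept", cost=0.0),
]
```

With the sample figures the residual portfolio is 65,000 and the actions cost 48,000, so `within_tolerance(SAMPLE_RISKS, SAMPLE_ACTIONS, 120_000)` passes while a tolerance of 100,000 fails.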
Impact of cyber security incidents on businesses

| Cyber security incident | Respondents who experienced the incident (%) |
|---|---|
| Data breach at a third-party provider/supplier | 4.4 |
| Data loss/theft of critical information | 5.3 |
| Denial of service attack | 9.1 |
| Brute force attack | 2.9 |
| E-mail address or website blocked | 5.6 |
| Trojan/malware infections | 17.5 |
| Phishing/targeted malicious e-mails | 18.2 |
| Ransomware | 22.0 |
| Theft of laptop or mobile device | 3.9 |
| Unauthorised access to data by an outside user | 3.6 |
| Unauthorised access to data by an internal user | 3.7 |
| Unauthorised alteration of data | 1.3 |
| Website defacement | 2.5 |
Considerations while purchasing cyber risk insurance
o Whether the policy provides cover for the new assessment and notification obligations under the mandatory data breach reporting scheme set out in the Privacy Amendment Bill 2015.
o Whether the insurer offers pre-breach training or cyber incident response services (giving insured organizations access to IT specialists, forensic auditors, public relations experts and lawyers) (Fuller, 2017).
o The availability of value-added services such as credit monitoring, to help organizations build and maintain goodwill with customers following a data breach.
o Policy exclusions for liability assumed under contract. Under Australian common law there is no basis to bring legal action for breach of privacy, but third-party liability claims can be brought against insured organizations under contract. Organizations should therefore identify any exclusions in the policy that could apply to such contractual claims.
Future of cyber resilience
The World Economic Forum anticipates that the tools and principles described above will provide the means by which boards and business leaders can take appropriate steps to ensure that their organizations adopt cyber resilience plans. In the coming years, the Forum will continue to offer insight and encourage various approaches, including the following:
Continual improvement: These tools are not the final word on cyber resilience governance and policy. Rather, through planning with partners, the Forum intends to serve as the platform for continual iteration and enhancement of governance and management tools. These tools will be iterated, with continued development of the Cyber Risk Framework.
Partnership: Digital networks, within countries and across borders, connect organizations. The Forum will continue to work with corporations to promote cyber resilience among boards and senior executives (KRG, 2017).
Public-private cooperation: The Forum will engage stakeholders to make sure that cyber security and resilience are a matter of collaboration among government, industry and society.
Leadership: The worldwide growth of digital networking means that the tools being used to promote the private sector's cyber resilience should be adapted to support both the public sector and society. The Forum will continue to extend these tools to support a wide range of leaders.
Conclusion
Implementing effective cyber security practices at the national, individual and organizational level will help promote economic growth and prosperity in our country, and ensure that industries and the individuals who take part in them can do so in a secure cyber environment.
This year's survey revealed a very large jump in C-level executives taking accountability for the majority of security breaches in Australia. The rise from 19.5% to 60% is the biggest year-on-year change observed and is in line with the rest of Asia, which rose from 35% to 65%. There has been an improvement in the resources businesses can draw on to guide their path to greater resilience. Many organizations are adopting cyber security frameworks, strategies and standards. These resources are updated in a timely manner and include sound recommendations that most organizations can apply to their actual circumstances.
References
ASIC, 2016. Cyber resilience assessment report: ASX Group and Chi-X Australia Pty Ltd. Available at: http://www.asic.gov.au/media/3563866/rep-468-published-7-march-2016.pdf?utm_source=report-468&utm_medium=landing-page&utm_campaign=pdfdownload
Campbell, N. & Lautenbach, B., 2017. Telstra Cyber Security Report 2017: Managing risk in a digital world. Available at: https://www.telstraglobal.com/images/assets/insights/resources/Telstra_Cyber_Security_Report_2017_-_Whitepaper.pdf
Conclin, W., 2017. Cyber-Resilience: Seven Steps for Institutional Survival. The EDP Audit, Control, and Security Newsletter, 55(2), pp.14-22.
Ellisen, M., 2017. Perspectives on cyber risk 2017. Available at: http://forms.minterellison.com/files/Uploads/Documents/Publications/Articles/CyberReport2017.pdf
Fuller, B., 2017. 5 Considerations When Purchasing Cyber Insurance. Available at: https://www.cio.com/article/3202079/security/5-considerations-when-purchasing-cyber-insurance.html
Group, T.B.C., 2017. Advancing Cyber Resilience: Principles and Tools for Boards. Available at: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf
Hashim, M., Masrek, M. & Yunos, Z., 2016. Elements in the cyber security framework for protecting the Critical Information Infrastructure against cyber threats. Available at: https://www.researchgate.net/publication/309262805_Elements_in_the_cyber_security_framework_for_protecting_the_Critical_Information_Infrastructure_against_cyber_threats
HPE, 2016. Advance the fight against cyber threats. Available at: https://hpe-enterpriseforward.com/wp-content/uploads/2016/04/4AA5-8351ENW.pdf
KRG, 2017. 6 Considerations When Buying Cyber Insurance. Available at: http://krginsure.com/wp-content/uploads/2017/05/Coverage-Insights-6-Considerations-When-Buying-Cyber-Insurance.pdf
Leclair, J., 2015. National cybersecurity report. National Cybersecurity Institute Journal, 1(3), pp.1-68.
SBS Team, 2017. Advancing Cyber Resilience: Principles and Tools for Boards. Available at: https://www.sbs.ox.ac.uk/cybersecurity-capacity/content/advancing-cyber-resilience-principles-and-tools-boards
Stitilis, D., Pakutinskas, P., Laurinaitis, M. & Castel, I., 2017. A model for the national cyber security strategy. The Lithuanian case. Journal of Security and Sustainability Issues, 6(3), pp.1-16.
Vai, M. et al., 2016. Secure Embedded Systems. Lincoln Laboratory Journal, 1(9), pp.1-13.
Wilding, N., 2016. Cyber resilience: How important is your reputation? How effective are your people? Business Information Review, 33(2).