INF80043 Executive Briefing: Cyber and Digital Risk at Board Level
Added on 2022/11/28
Report
AI Summary
This report examines cyber and digital risk as a critical board-level responsibility, highlighting the increasing significance of cybersecurity in the face of data breaches and evolving threats. It emphasizes the board's role in overseeing cyber security strategy, including risk identification, protection, detection, response, and recovery. The report details key activities such as training, protocol establishment, and technology implementation. It addresses the governance of cyber security, outlining the responsibilities of the CEO, DPO, and other key personnel. Furthermore, it explores the importance of talent, compliance, and risk-based strategies for effective cyber risk management. The report underscores the need for a strategic plan, regular communication between management and the board, and the integration of cyber risk management into the overall enterprise risk management framework. It also emphasizes that the board must ensure that the company has the appropriate talent to accomplish all of its various goals.

Running head: CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
Name of the Student
Name of the Organization
Author Note
With cyber security breaches an ever-present reality, the board governance literature has tended to treat cyber security risks quite differently from the other risks facing the organization (Piggin 2014). Boards have long been tasked with protecting their companies from significant risks. The duties of the board fall into six categories: scheme, talent, culture, compliance, governance and risk. With respect to cyber security, the board's duties in each of these categories play a critical role in the active oversight of the company's cyber security program. Every director must have a general understanding of cyber security risk and what it means for the directors' responsibilities. While the directors' basic business judgement obligations are much the same for this emerging area of risk, cyber security is itself a complex and dynamic subject. For company management and boards alike, a number of recent recorded intrusions have demonstrated that cyber security risk is as significant as the other risks under the board's purview, including strategic, financial and compliance risk (Epstein 2014). Just as boards are charged with overseeing the company's financial systems and controls, they also have a specific duty to oversee the company's cyber security management, including oversight of appropriate risk mitigation strategies, procedures and controls. Without proper accountability and oversight, the organization's cyber security governance systems, procedures and policies can be rendered meaningless, leaving the entire enterprise vulnerable to various kinds of attacks. In a world where data breaches are widely reported, boards cannot claim a lack of awareness as a defence against allegations of failure. Shareholders and regulators are demanding better evidence of directors' attentiveness to cyber risks (Schneider 2015). A number of cases have shown that breaches result in calls for the removal of directors, and even though directors can be re-elected, the company will face a number of class action lawsuits.
The pervasiveness of data breaches has placed cyber security firmly on the agenda of the Board of Directors. It is part of board members' responsibility to understand the threat landscape, recent best practices and everything the company is doing to protect its customers, shareholders and employees (van Baalen 2018). This has led to the creation of cyber groups that work alongside other risk groups. Having a separate cyber risk group allows the proper level of focus and oversight to be integrated into enterprise risk management without overloading the committee with work. There are a number of key activities that the Board of Directors and the cyber risk committee must carry out to minimize risk and achieve security with a prevention mindset.
Induct: Introduce proper training to generate security awareness across all levels of the enterprise.
Establishment: Establish protocols, reporting and attestation systems for transferring agents as well as third-party vendors.
Replacement: Replace duplicative and legacy technology with platforms that work together natively.
Implementation: Implement tools that strip malicious code and links from emails.
Segmentation: Segment the network into zones of risk. This provides visibility into which applications and users are trying to move between them.
Leverage: Leverage automation in defences to reduce the burden on security teams.
Restriction: Restrict access to SaaS-based tools for employees who have no business justification for using them.
Perform: Perform periodic risk assessments or cyber audits to determine whether any additional vulnerabilities exist, paying specific attention to the safeguards and controls around employee records (Schlesinger 2018).
Governance of Cyber Security
The first question for any board is who owns the management of cyber security risk at board level. Typically, boards delegate the oversight of cyber security to the audit committee, or to the risk committee if one is part of the board's governance structure, for a more concentrated view, with reports to the full board (Spremić and Šimunic 2018). At management level, the CEO is accountable to the board for managing cyber security risks. A CEO must look to the information technology of the business. In larger organizations, a data protection officer (DPO) will look into information technology in order to interface with the board, and that person will be held responsible for managing cyber security risk (Stoddart 2016). This approach builds a platform for technology-related knowledge. Here, the greatest challenge observed is that governing the entire organization requires both communication management and project management skills (Antonucci 2017). The DPO must report to a senior member of management who oversees the enterprise's cyber security program, and will also report to the person whom the board can look to as accountable for cyber security.
Oversight of risk and Strategy of Cyber Security
IT presents boards with cyber security reports that are highly technical but lack a strategic, organization-wide overlay (Kalia et al. 2015). For oversight to be effective, boards must hold senior management accountable for ensuring that there is a clear cyber security strategy, along with controls for monitoring its implementation (Georg 2017). This requires regular dialogue between management and the board and the sharing of useful and appropriate information, including metrics for tracking performance and providing accountability. More importantly, a concise, high-level strategic cyber security plan must be guaranteed by both the board and senior management (North and Pascoe 2016).
Strategy based upon risk
The risk-based strategy involves five functions that together form the foundation of a cyber security risk strategy for any enterprise.
Identification: Develop an understanding of the organization's overall cyber risk context, including asset management, the business environment and governance. In other words, the question is which cyber activities can cause harm (Bennett 2015).
Protection: Deploy safeguards to prevent intrusions, including awareness, training and the development of controls.
Detection: Timely discovery of a cyber security breach must be enabled, to limit the harm from intrusions, through surveillance, anomaly detection and events. There must also be security monitoring and detection processes.
Responding: Plans and activities must be implemented to contain any damage resulting from a cyber security breach, through comprehensive crisis management and through tabletop exercises.
Recovering: Develop plans and activities for resuming normal activities following a cyber security event, including post-event mitigation and lessons learned.
Talent
The board's great responsibility is to ensure that the company has the appropriate talent to accomplish all of its goals (Rothrock, Kaplan and Van Der Oord 2018). The selection and evaluation of the CEO are its major tasks. It is essential that the board ensures that the appropriate skills and experience are brought to bear in the management of something as important to the organization as cyber security (Higgs et al. 2016). One of the main areas of board oversight is to ensure that the company's organizational structure is aligned behind the strategy and that management has the skills and experience to execute the strategy. Senior management must lead cyber risk decisions so that the cyber security strategy can be implemented and monitored throughout the enterprise, with oversight by the board. A CEO whose company manages cyber security well will bring valuable insights and experience. The right IT technologist can contribute positively to the board, but for a number of companies that will not be necessary.
Compliance
Generally, boards rely on the general counsel, internal audit and enterprise risk management (ERM), among other functions, to provide independent risk assessments and to confirm risk management procedures. For the foreseeable future, cyber risks are considered to be more consequential than other risks within the enterprise. It is essential that the general counsel, internal audit and ERM give cyber security high priority. Boards must hold proactive discussions with these functions to ensure that their leaders recognize that cyber risk is dynamic. It also requires continuous external screening for new forms of threat mitigation (Osborn and Simpson 2015). ERM, for its part, will both monitor and externally screen for new forms of cyber risk, with the awareness that some cyber risks are largely qualitative and difficult to measure. Cyber security is becoming a legal and regulatory area in which the general counsel will lead on disclosures that provide assurance, and in which a proper understanding of legal risks and adequate crisis management plans will be critical (Lucas 2017).
For independent verification of the status of the company's cyber security program, the board must strongly consider authorizing a hacking program, which will be critical (James 2015). Ethical hacking is designed to uncover vulnerabilities and is conducted by an external party. While much of the value of ethical hacking is achieved by directly leveraging the findings across the organization to remediate immediate security vulnerabilities, the activity also has important implications for internal audit, raising awareness (Benaroch and Chernobai 2017). Finally, internal audit and the general counsel must periodically commission a third-party review of cyber security strategy and governance to assure that the company is keeping pace with good practice and that the picture is properly represented to the board.
Culture
Cyber risks must be managed through the lens of the whole enterprise. Every employee has a role to play, and a top-down culture is important for mature risk management. A strong culture of inspiration and accountability is considered the best preventive measure against threats from malicious and inattentive employees (Dzomira 2014). With regard to cyber security, culture will either support and reinforce the systems and controls or override them. It is essential that employees understand that each of them has a role and an obligation to protect the organization from cyber attacks. They must feel empowered to act accordingly.
Cyber security needs a particular culture of both collaboration as well as
accountability with various efforts which will be greatly geared towards providing support to
the strategy and also towards mitigating all the various cyber risks. If any member of board
will be cavalier regarding all the various passwords or rather attacks of phishing then that
must be well known throughout the entire enterprise.
References
Antonucci, D., 2017. The Cyber Risk Handbook: Creating and Measuring Effective
Cybersecurity Capabilities. John Wiley & Sons.
Benaroch, M. and Chernobai, A., 2017. Operational IT failures, IT value-destruction, and
board-level IT governance changes. MIS Quarterly, Forthcoming.
Bennett, S., 2015. Why information governance needs top-down leadership. Governance
Directions, 67(4), p.207.
Dzomira, S., 2014. Electronic fraud (cyber fraud) risk in the banking industry,
Zimbabwe. Risk Governance and Control: Financial Markets and Institutions, 4(2), pp.16-26.
Epstein, A.J., 2014. Thinking strategically about cyber risk. NACD Directorship, pp.32-35.
Georg, L., 2017. Information security governance: pending legal responsibilities of
non-executive boards. Journal of Management & Governance, 21(4), pp.793-814.
Higgs, J.L., Pinsker, R.E., Smith, T.J. and Young, G.R., 2016. The relationship between
board-level technology committees and reported security breaches. Journal of Information
Systems, 30(3), pp.79-98.
James, D., 2015. Data Protection Does it Apply to Start-Ups?. ITNOW, 57(4), pp.30-31.
Kalia, V., Müller, R., Howell, L., Jonker, P. and Döhler, S., 2015. Risk management at board
level: a practical guide for board members (Vol. 2). Haupt.
Lucas, G.R., 2017. Ethics and Cyber Warfare: The Quest for Responsible Security in the Age
of Digital Warfare. Oxford University Press.
CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
References
Antonucci, D., 2017. The Cyber Risk Handbook: Creating and Measuring Effective
Cybersecurity Capabilities. John Wiley & Sons.
Benaroch, M. and Chernobai, A., 2017. Operational IT failures, IT value-destruction, and
board-level IT governance changes. MIS Quarterly, Forthcoming.
Bennett, S., 2015. Why information governance needs top-down leadership. Governance
Directions, 67(4), p.207.
Dzomira, S., 2014. Electronic fraud (cyber fraud) risk in the banking industry,
Zimbabwe. Risk Governance and Control: Financial Markets and Institutions, 4(2), pp.16-
26.
Epstein, A.J., 2014. Thinking strategically about cyber risk. NACD Directorship, pp.32-35.
Georg, L., 2017. Information security governance: pending legal responsibilities of non-
executive boards. Journal of Management & Governance, 21(4), pp.793-814.
Higgs, J.L., Pinsker, R.E., Smith, T.J. and Young, G.R., 2016. The relationship between
board-level technology committees and reported security breaches. Journal of Information
Systems, 30(3), pp.79-98.
James, D., 2015. Data Protection Does it Apply to Start-Ups?. ITNOW, 57(4), pp.30-31.
Kalia, V., Müller, R., Howell, L., Jonker, P. and Döhler, S., 2015. Risk management at board
level: a practical guide for board members (Vol. 2). Haupt.
Lucas, G.R., 2017. Ethics and Cyber Warfare: The Quest for Responsible Security in the Age
of Digital Warfare. Oxford University Press.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
North, J. and Pascoe, R., 2016. Cyber security and resilience It's all about
governance. Governance Directions, 68(3), p.146.
Osborn, E. and Simpson, A., 2015, November. Small-scale cyber security. In 2015 IEEE 2nd
International Conference on Cyber Security and Cloud Computing (pp. 247-252). IEEE.
Piggin, R.S.H., 2014. Governance, risk and compliance: impediments and opportunities for
managing operational technology risk in industrial cyber security and safety.
Rothrock, R.A., Kaplan, J. and Van Der Oord, F., 2018. The board's role in managing
cybersecurity risks. MIT Sloan Management Review, 59(2), pp.12-15.
Schlesinger, M., 2018. Optimal Models for Cyber Insurance for the SME/SMB Markets. Int'l
J. Data Protection Officer, Privacy Officer & Privacy Couns., 2, p.18.
Schneider, R.S., 2015. Surveying the payments landscape, the emergence of digital risk
concepts, and their impact to fraud mitigation (Doctoral dissertation, Utica College).
Spremić, M. and Šimunic, A., 2018. Cyber Security Challenges in Digital Economy.
In Proceedings of the World Congress on Engineering (Vol. 1).
Stoddart, K., 2016. UK cyber security and critical national infrastructure
protection. International Affairs, 92(5), pp.1079-1105.
van Baalen, S., 2018. ‘Google wants to know your location’: The ethical challenges of
fieldwork in the digital age. Research Ethics, 14(4), pp.1-17.
CYBER AND DIGITAL RISK AS BOARD LEVEL RESPONSIBILITY
North, J. and Pascoe, R., 2016. Cyber security and resilience It's all about
governance. Governance Directions, 68(3), p.146.
Osborn, E. and Simpson, A., 2015, November. Small-scale cyber security. In 2015 IEEE 2nd
International Conference on Cyber Security and Cloud Computing (pp. 247-252). IEEE.
Piggin, R.S.H., 2014. Governance, risk and compliance: impediments and opportunities for
managing operational technology risk in industrial cyber security and safety.
Rothrock, R.A., Kaplan, J. and Van Der Oord, F., 2018. The board's role in managing
cybersecurity risks. MIT Sloan Management Review, 59(2), pp.12-15.
Schlesinger, M., 2018. Optimal Models for Cyber Insurance for the SME/SMB Markets. Int'l
J. Data Protection Officer, Privacy Officer & Privacy Couns., 2, p.18.
Schneider, R.S., 2015. Surveying the payments landscape, the emergence of digital risk
concepts, and their impact to fraud mitigation (Doctoral dissertation, Utica College).
Spremić, M. and Šimunic, A., 2018. Cyber Security Challenges in Digital Economy.
In Proceedings of the World Congress on Engineering (Vol. 1).
Stoddart, K., 2016. UK cyber security and critical national infrastructure
protection. International Affairs, 92(5), pp.1079-1105.
van Baalen, S., 2018. ‘Google wants to know your location’: The ethical challenges of
fieldwork in the digital age. Research Ethics, 14(4), pp.1-17.
1 out of 11
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.