In assessing cyber risk posture, enterprises often lack options that effectively report cyber risk in a manner understandable to senior business executives and boards. These options can lack financial and business context, and transparency around process and methodology. They are also often mired in jargon that is not relatable to a non-technical audience. This piece explains how companies can benefit by implementing cyber resilience exercises to help all stakeholders understand the full economic and systemic impact of a cyber incident.
Consider the current cyber risk reporting options available to communicate to executive leadership and the board:
Organizations should consider an approach that addresses a combination of outside-in, inside-out and economic loss modeling relative to the cyber risk exposure, including:
Boards of directors and management are also expected to demonstrate to investors due care in the governance and oversight of cyber risk. Moreover, global regulators continue to roll out privacy rules that are underpinned by the need for strong cyber hygiene with severe consequences for failure. These strong regulatory signals, combined with pervasive global dialogue, represent a rising tide in the need for strong cyber risk oversight and will impact the decision-making and expectations from investors during the next decade.
Boards and senior executives still lack a comprehensive understanding of their cyber exposure and their organization’s ability to recover from an attack. An approach that leverages a 360 inside-out/outside-in enterprise view aligned to cyber scenarios and economic exposure is needed. Regulators, investors, business executives and board directors should expect transparency and independence in this process.
Targeted exercises involving the entirety of the enterprise, starting with the board on down, should cover:
Modeling a sound cyber resilience exercise requires the entirety of the enterprise, from the board of directors down to management. To be successful, organizations should consider:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
October 19, 2021
By IANS Faculty