Excerpt from AccountingWeb.com
By David X Martin
Getting comfortable with your company’s cybersecurity program is not just a matter of being able to answer questions like: “Does our organization have the right governance structure?” or “Is our company adequately staffed with the right people to address key risks?”
Rather, it’s being able to answer questions like: “Are we thinking about security the right way, and where is all this going?” and “How do I know we are doing okay in terms of cybersecurity, and what should I be seeing that will make me reasonably comfortable that we’re in good shape?”