Excerpt from Board Member magazine.
By David X Martin
Getting comfortable with your company’s cyber-security program is not just a matter of being able to answer questions like: “Does our organization have the right governance structure?” “Is our company adequately staffed with the right people to address key risks?”
Rather, it’s being able to answer questions like: “Are we thinking about security the right way and where is all this going?” Then even further, “How do I know we are doing OK in terms of cyber-security and what should I be seeing that will make me reasonably comfortable that we’re in good shape?”
The human immune system provides an apt analogy: When a germ breaches the body’s natural barriers, the immune system mounts a three-step defense: Sound the alarm, solve the problem, then recover and remember.