Boards can no longer relegate cybersecurity to the IT department—but how exactly do they get engaged with people on the frontlines? To get some clarity, Corporate Board Member talked with David X. Martin, author of The Nature of Risk and co-chair of The Directors and Chief Risk Officers Group.
A security awareness program is a formal program with the goal of training users on the potential threats to an organization and how to avoid situations that might put the organization’s data at risk.
Strategic plans define the need for an action, the impact of that particular action and the driving forces behind the action. Security strategy in any organization starts with an in-depth analysis of its business.
The military strategy called “Defense in Depth” can be applied to cybersecurity. It has defenders deployed in a series of pre-planned positions from which they can advantageously attack the advancing enemy.
Excerpt from GARP.org. Oversight should be grounded in sound management practices. By David X Martin. Corporate boards of directors have a…