Ensuring Digital Security Governance in the Modern Business Landscape


In today's digital landscape, companies and board directors must actively establish good controls to safeguard sensitive information crucial for sustained business operations. This involves understanding risks, enforcing robust security measures, and staying abreast of evolving threats. Failure to prioritize digital security can lead to severe consequences, including financial penalties and reputational damage from data breaches. This article emphasizes the importance of aligning digital security strategies with business objectives to protect assets effectively.


Uploaded on Aug 03, 2024



Presentation Transcript


  1. ATHENA ALLIANCE
     Governance: The Digital Security Equation
     A (New) Director's View
     L. Haynesworth, 2021 Athena Salon
     WWW.ATHENAALLIANCE.COM

  2. Digital Security Governance Essentials: So what??

  3. Digital Security Governance Essentials: Why?
     Companies and the board directors are expected to actively ensure that good controls are in place to protect sensitive business / customer information critical to sustained business operations.
     - Directors' duty of care
     - Security is a strategic business enabler
     - Reputational, financial and legal impacts of significant data loss; includes breach of director duties and personal liability in some jurisdictions
     Boards must understand what is to be protected and the on-going security risks, and ensure a robust system is in place to protect the company.
     Significant penalties have been levied in recent years for data breaches, including* Equifax, Home Depot, Uber, Morgan Stanley, Yahoo, Capital One, Google, British Airways, Marriott.
     "If the Data Breach Doesn't Kill Your Business, the Fine Might" (Tripwire, Apr 2019)
     * Tessian, May 21,

  4. Digital Security Essentials: What is it?
     Every digital asset in the enterprise is to be protected to ensure tamper-free access on demand!
     - All IT devices across all environments: computers, servers, networks, storage, phones, all operational systems, all development systems and cloud instances
     - All data flowing through and at rest in the enterprise
     - All SW: every application, tool, database, script
     - Resources needed to do the job: IT resources, talent and funding
     - Across all org boundaries, including 3rd party
     - AND the strategy for managing and protecting assets today, and the innovation needed for the future
     What and where is it? Does your company have an accurate view of all the digital assets?

  5. Digital Security Governance Essentials: How?
     A board director sees enterprise digital security through the eyes of risk, seeking to ensure that the risk profile is understood and within an acceptable tolerance level.
     - Processes & procedures
     - Clear lines of authority / controls
     - Ransomware policy
     - Escalation, IR / BC / DR processes
     - Geopolitical
     - Evolving threats
     - Evolving laws, data privacy
     - Security status / trends
     - Employee engagement / training
     - External / cross-industry trends
     - Independent assessment of maturity
     - Vulnerabilities
     - Independent validation, testing and exercises
     - Risks
     A director's perspective must be shaped by understanding the threat view from outside and inside the enterprise.

  6. Digital Security Governance Essentials: How and When?
     Balance level of detail and current status with the risk perspective and a view of the future.
     Anchor the board with fundamental information; set the baseline.
     Materiality assessment and translation to the overall risk picture, in alignment with appetite.
     - Critical status / security trend
     - Hygiene health
     - Incidents / dwell time
     - Current / emerging threats
     - Current and potential impacts
     - Gaps to achieve acceptable security posture
     - Audit / testing results and trends
     - Employees
     - Adequacy of resources: financial, critical talent, tech
     - Security insurance adequacy
     Key stakeholders include the CIO, CISO, Legal, Communications, and Human Resources.
     Recommend security risk status / impacts / mitigations be addressed at each board meeting.

  7. Digital Security Governance Essentials: Best Practice Considerations
     1. Understand the applicable laws, regulations, and guidance; leverage experts within or outside the organization.
     2. Know what types of data the organization has and how it is protected.
     3. Build compliance into the governance structure; designate board oversight responsibilities. Ensure adequate skills on the board and management team.
     4. Ensure that the company has a robust information security program and policies tailored to the organization, and that they are implemented and followed.
     5. Ensure that an organizational risk assessment has been conducted and is periodically updated.
     6. Ensure that the organization has an adequate cyber incident response plan, and that it is updated and practiced. Test the system: organizations should conduct cyber breach exercises, penetration tests, incident response
     Source: NACD, Carter Ledyard & Milburn LLP

  8. Digital Security Essentials: Best Practice Considerations
     7. Review the technology infrastructure for data security and information management and ensure that it is current and updated regularly (anti-virus and anti-malware software, encryption, etc.)
     8. For public companies, ensure that there are effective disclosure controls and procedures that enable the organization to make accurate and timely disclosures, including as related to cybersecurity. Ensure that public filings adequately address cybersecurity risks, policies, oversight, and incidents.
     9. Ensure that there is employee training and education on cyber and data protection policies, and the identification of red flags.
     10. Conduct risk assessment of third-party vendors. Ensure that vendors with access to the organization's data have adequate cybersecurity and privacy policies to protect such data.
     11. Review and assess adequacy of insurance coverage for data breaches and cyber-related incidents and consider separate cybersecurity insurance. Review/assess whether directors' and officers' insurance covers breach liability.
     Require quarterly reporting of digital security risks and events, including updates from internal audit, to enable directors to determine material risk and take action where needed.
     Source: NACD, Carter Ledyard & Milburn LLP

  9. ATHENA ALLIANCE Governance: The Digital Security Equation WWW.ATHENAALLIANCE.COM

  10. Backup Info

  11. Digital Security Essentials: Bottom Line
     - Know what is important to protect in your company
     - Know where you are in protecting that information across the enterprise, including 3rd parties
     - Establish the acceptable level of risk
     - Take action to resto

  12. Digital Security Governance Essentials: Best Practice Considerations (backup slide; repeats items 1 to 11 and the quarterly-reporting recommendation from slides 7 and 8 verbatim)
     Source: NACD, Carter Ledyard & Milburn LLP
