A few days ago I wrote a post on the lack of cybersecurity skills in corporate boards, and how to fix that. This became one of the most popular posts on the blog. That’s why I created this short summary video – that you can easily share with your top management and board members.
The Take-Aways Are:
- Build an information security management system with the most important policies, guidelines, procedures, change management, and monitoring processes in place.
- Select reporting metrics that make sense in terms of the company strategy. Relate impact to financial, customer, organization and learning, and internal process perspectives.
- Use compliance to drive board focus: regulatory compliance is already central in governance work.
- Focus on people when communicating – build a positive security culture by combining bottom-up and top-down approaches.