Key Cybersecurity Questions Boards Need to Address

Announcement posted by ICON International Communications 24 Aug 2015

New ISACA Report Released Today Calls for New Approaches to Cybersecurity

Sydney, Australia (24 August 2015)—Cyber protection is no longer a technical issue; it is a business issue requiring board attention, and cybersecurity needs to be approached in a holistic manner, states a new report from global IT association ISACA. The guidance, titled “The Cyberresilient Enterprise: What the Board of Directors Needs to Ask,” was released late last week.

 

The new paper describes the need for governance over critical cyber events to help reduce the impact of cyber incidents and restore normal business. Included in the in-depth guidance are 19 key questions board members should ask to create a resilient enterprise that connects protection and recovery to the goals of the organisation and implements programs for the sustainability of essential services.

 

“Today’s attacks on enterprises are persistent and advanced, no enterprise is 100% secure. It is no longer sufficient to only focus on prevention and detection,” said Ron Hale, Ph.D., CISM, chief knowledge officer of ISACA. “As the paper points out, board members need to evaluate the operational risk inherent in today’s digital business and direct management to ensure that the enterprise is more than just protected—it is resilient. This guide offers key questions boards should be asking to become a resilient enterprise and continue its mission of value creation.”

 

According to the paper, to be cyber resilient the enterprise must understand and prioritise stakeholder needs, identify the core business processes needed to meet the mission and goals of the enterprise and understand the potential impact a cyber event will have on the business. Key questions boards should ask include:

·         Is sufficient attention given to the ability to defend against intrusions as well as the ability to recover and restore essential functions and services?

·         Is the board routinely informed about the potential material operational risk and risk mitigation strategies as well as incidents that could impact the brand?

·         To what extent have essential services and functions been identified and programs implemented to provide for their resilience in the event of a disruption or cyber incident?

 

The paper also spells out ways enterprises can maximise business continuity and sustainability by:

·         Responding when an incident is detected.

·         Having an integrated capability that connects protection with detection, response, recovery and the continuance of core services and functions.

 

“Incident response is crisis management,” said Hale. “Enterprises need to consider cybersecurity from this standpoint and be part of an integrated and holistic, enterprise-wide approach.”

 

Download the free white paper at www.isaca.org/cyberresilient.

 

 

ISACA

ISACA® (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global non-profit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.

 

ISACA on Twitter:  https://twitter.com/ISACANews

ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

ISACA on Facebook: www.facebook.com/ISACAHQ