The Internet Security Alliance (ISA), in collaboration with the American International Group (AIG) and the National Association of Corporate Directors (NACD), has announced the release of the latest issue in NACD’s Director’s Handbook Series on Cyber-Risk Oversight.
The guidelines are designed specifically for corporate boards and include five key strategies all corporate boards of directors should consider as they seek to enhance their oversight of cyber risks and make wise resource investment calculations.
“Recent breaches in both the public and private sectors have put the issue of cybersecurity on every board’s agenda. This handbook is a natural extension of ISA’s mission to create private sector standards and practices that integrate both the technological and economic aspects of cybersecurity,” said Larry Clinton, president and CEO of ISA.
“ISA has for years advocated the need to elevate the discussion on cyber security beyond the technical issues and personnel to the senior management and corporate board level. Naturally, we are delighted to work with NACD and AIG on this project and very pleased they turned to the ISA to craft the best practices.”
This publication advocates strategies for a broad spectrum of board-level considerations related to cybersecurity efforts, including guidance on board composition, potential liability implications, security event disclosure issues, gaining access to relevant security expertise, and the calibration of an organization’s risk appetite.
“The complexity of cyber threats has grown dramatically over the past decade. As the intricacy of attacks increases, so does the risk they pose to corporations,” said Mark Camillo, head of cyber products for the Americas Region for AIG. “Conscientious and comprehensive oversight at the board level is essential.”
The coalition advises that boards of directors adapt any recommendations in the guidelines based on their organization’s own unique characteristics, size, maturity, business objectives, industry sector, and overall corporate culture.
“We have crafted this set of best practices to place initiatives such as the NIST framework within the context that boards and senior managers focus on such as growth, profitability and innovation,” Clinton said. “Building on that board level analysis, we provided specific and research-based steps every corporate board should be taking to address this issue in a true risk management fashion.”