Apple shareholders this past week made a request of Apple’s Board of Directors to provide a report regarding how Apple and its board oversee security and privacy risks. The request cites many of the recent privacy and security issues that have plagued Apple, making headlines and even leading to litigation. The issues include those surrounding UDIDs and iCloud, which they fear could lead to slow growth of the company and negatively affect shareholder value.
The request cites Ponemon Institute reports that highlight the cost of data breaches to corporations and how data breaches negatively affect brand reputation, leading to a decline in sales. In addition, they cite Carnegie Mellon University CyLab’s 2012 Governance Study “How Boards & Senior Executives Are Managing Cyber Risks,” listing recommendations for reviews and assessments of a company’s security posture, including the need for regular reports from senior management regarding privacy and security risks.
Tripwire and the Ponemon Institute recently highlighted in their joint study “The State of Risk Based Security” the need for systematic techniques in the evaluation of risks that impact an organization’s information assets and infrastructure. When we begin to see shareholders of a company like Apple, with one of the highest market caps in technology, demand security risk assessments from their boards, we understand why connecting security to the business is so critical.
The trick is this: how will security executives be able to communicate to the board, and in turn the shareholders, to put their minds at ease? With all of the variables involved in securing systems, servers, and network devices, how can you easily quantify and measure the security risk of your organization? To borrow a phrase from Apple themselves: Tripwire has an app for that.