The best thing company boards can do to manage cybersecurity risk is to approach it like any other business risk. To be effective, there must be a working relationship between the board and the CISO, where goals are aligned, strategy drives protection options, and the business plan gives leadership clear risk-appetite choices. A CISO should center their protection goals on high-value business assets and initiatives aligned to the business’s strategic and operational objectives. This person should understand the business at a broad operational level, from the priorities of legal, finance, IT, HR, and R&D to revenue streams, regulatory requirements, and the core operations and assets that drive competitive advantage and customer experience. All of those disparate parts of the company have threat exposure across many operational surfaces. As we’ve learned from breaches, attackers will leverage any operational exposure to get a foothold, including facilities, personnel, and a company’s supply chain. […]
The post Your company should manage your cyber risk like any other risk appeared first on CyberScoop.