Cybersecurity: What the Board of Directors Needs to Ask
Cybersecurity continues to pose a serious risk that the board needs to actively measure and continuously monitor as part of the organization's strategy.
The overwhelming number of cybercrime incidents has forced boards to ask strategic and thoughtful questions directed toward management and internal audit. The board needs to take a more proactive role in cybersecurity or face the possibility of lawsuits if there’s a security breach. The Internal Audit Foundation, in partnership with ISACA, commissioned the research report "Cybersecurity: What the Board of Directors Needs to Ask" to:
- Help directors know how they should react to a cybersecurity breach and what to do.
- Help directors understand that cybersecurity is an enterprisewide issue, not just an IT issue.
- Help directors know what the auditor’s role is in helping the board of directors address cybersecurity.
The report also outlines the National Association of Corporate Directors' (NACD’s) five principles to identify action items for the board and provides a list of top questions every board needs to ask.
About the Author:
Sajay Rai, CPA, CISSP, CISM, has more than three decades of experience and brings a wealth of knowledge in information security and risk, IT audit, business continuity, disaster recovery, and privacy. He served as a partner at Ernst & Young LLP and was also the national leader for Ernst & Young’s security and risk practices. Prior to that he was with IBM, where he led their information security and business continuity practices.
Item Number: 10.5036