7 cyber security questions for boards
TRANSCRIPT
7 cyber security questions for boards
Risk oversight is a function of the full Board… yet
NACD DIRECTOR’S HANDBOOK SERIES 2014 EDITION
Did you know 50% of boards see cyber security as an I.T. issue?
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
That means 50% are doing it wrong
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
Full Board involved in cyber risks = 25%
Good
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
No Board involvement in cyber risks = 30%
Bad
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
26% of boards say the CISO or CSO makes a presentation to the Board once a year
Ugly
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
28% say their security leaders make no presentations at all.
Uglier
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
What about 3rd Party vendors?
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
23% do not evaluate 3rd parties - that number is probably much higher
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
Cyber training is neglected
KPMG Poll
Only 50% of employees receive periodic cyber training
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
Only 50% of employees receive initial cyber training
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey
So here are the 7 questions
1. How are key business processes affected by different types of cyber attacks? (e.g. ransomware, denial of service, data breach, etc.)
Leads to discussion on what type of cyber security we have and why
2. Is our physical security adequate & is it congruent with our cyber security?
The two are interrelated
NACD DIRECTOR’S HANDBOOK SERIES 2014 EDITION
3. Who are our 3rd party vendors?
And what risks do they pose?
4. Who is responsible for cyber security training?
HR, IT, CISO, etc.?
5. Have officers and directors received cyber security / information assurance training?
These are high profile, high risk positions
6. How do we vet our administrators?
Snowden was a contractor… just saying
Who’s working for you?
7. Who does the CISO report to and why?
7 cyber security questions for boards
1. How are key business processes affected by different types of cyber attacks?
2. Is our physical security congruent with our cyber security?
3. Who are our third party vendors?
4. Who is responsible for cyber security training?
5. Have officers and directors received cyber security training?
6. How do we vet our administrators?
7. Who does the CISO report to?
www.paulmcgillicuddy.com