A few days ago I wrote a post on the lack of cybersecurity skills in corporate boards, and how to fix that. This became one of the most popular posts on the blog. That’s why I created this short summary video – that you can easily share with your top management and board members.
The take-aways are:
- Build an information security management system with the most important policies, guidelines, procedures, change mangement and monitoring processes in place
- Select reporting metrics that make sense in terms of the company strategy. Relate impact to financial, customer, organnization and learning, and internal process perspectives.
- Use compliance to drive board focus: regulatory compliance is already central in goverannce work.
- Focus on people when communicating – build a positive security culture by combining bottom-up and top-down approaches.