By Christophe Veltsos, Security Intelligence
1. Seek to Understand the Mandate and Role of the CISO
2. Get to Know the Security Team Before an Incident
3. Review the CISO’s Network of Influence
4. Assess the CISO’s Performance and the Organization’s Security Posture
5. Actively Review the Cybersecurity State of the Organization
Boards need to make sure that the organization is making adequate progress in shoring up its most critical cyber risks, leveraging internal audits and external penetration tests, and conducting red team exercises.
“Security and risk management must become part of every business decision, and nobody within the enterprise is better positioned to advocate for those issues than the CISO.” — Fast Company

The relationship between the chief information security officer (CISO) and the board of directors is a topic that has received increased visibility in the past few years. The 2017 edition of the “Director’s Handbook on Cyber-Risk Oversight,” published by the National Association of Corporate Directors (NACD), is full of insights on the CISO-board relationship and provides updated recommendations for board directors to follow regarding oversight of cyber risks.