The 2023 Director's Handbook on Cyber Risk Oversight has been released. Kudos to NACD (National Association of Corporate Directors), Internet Security Alliance, Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI).
The Handbook treats cyber as a business risk, not as an IT function, and one that is best served as a collaboration among industry, Government, and Law Enforcement.
It outlines six principles:
1. Cybersecurity as a Strategic Risk
2. Legal and Disclosure Implications
3. Board Oversight Structure and Access to Expertise
4. An Enterprise Framework for Managing Cyber Risk
5. Cybersecurity Measurement and Reporting
6. Encouraging Systemic Resilience and Collaboration
The alignment with initiatives like the recently released National Cybersecurity Strategy from the Office of the National Cyber Director, The White House, and proposed rule changes from the U.S. Securities and Exchange Commission is very encouraging.
Personally, I am excited. What do you think?
How will Board Structures evolve?
Download the report: https://lnkd.in/eBCBVPBW
Read the media release: https://lnkd.in/eDwstemG
Feel free to weigh in online.
https://www.linkedin.com/posts/alex-sharpe-3rd_sec-regulation-cybersecurity-activity-7045137679511904256-vSGr?utm_source=share&utm_medium=member_desktop
------------------------------
Alex Sharpe
Principal
Sharpe42
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------