Effective Cybersecurity Board Reporting




By , CISSP, CCSP, a risk specialist and SME for the Federal Reserve Bank of Cleveland. He has worked in technology and cybersecurity consulting for 15 years. Allen currently serves on the Board of Directors of ISSA North Texas and on EC-Council's Ethical Hacking Advisory Board, and has contributed to CISSP reviews for (ISC)². He is a certified ethical hacker and certified threat intelligence analyst.

The purpose of a Board of Directors is to provide governance and hold senior management accountable, including for implementing the cybersecurity strategy within the established cyber risk appetite. A goal of any organization is generating revenue from business activities, which in most cases involves technology and systems exposed to the internet. Technology and systems that process and store data carry inherent risk that may result in the loss of data confidentiality, integrity or availability. Organizations will never be able to eliminate this inherent risk, but they can reduce it to an acceptable residual level, and what counts as acceptable depends on the established cyber risk appetite. Cyber risk appetite can be viewed as the aggregate level and types of cyber risk the firm's board is willing to accept in pursuit of its strategic business objectives. When the board sets enterprise-wide risk appetite with advice from the chief risk officer and second-line-of-defense experts, the same group also defines the organization's cyber risk appetite with some level of granularity. Monitoring and managing this cyber risk are at the core of cybersecurity reporting to the board.


But why does the board require this reporting? They need this infor ..
