Tenable Blog

Should Your Board of Directors be Managing Your Security?

Should your board of directors be managing your security?

This is not a rhetorical question. Ensuring a good security posture requires that your board of directors and senior management are on board and support your efforts at securing corporate data.

Let’s pose a few questions:

Why do you want your board of directors involved?

One fundamental reason is to provide ‘peace of mind’ to your board. Involving them fulfills their due diligence and demonstrates a standard of due care.

Involving your board also aligns senior management to your security program. It aligns external and internal auditors to your security initiatives and priorities. It also eases challenges, as board of directors commitments, risk tolerance parameters and representations are taken seriously by senior management and other stakeholders.

Why should your board be concerned?

As the recent Target credit card breach demonstrated, security and privacy breaches can have a significant and material financial impact on a business. Cyber threats and breaches are increasing in complexity, frequency and magnitude. Examples of risks associated with cyber threats include:

  • Compromised customer data
  • Diminished brand and reputation
  • Loss of investor and consumer confidence and loyalty
  • Stolen sensitive intellectual property
  • Compliance and regulatory sanctions
  • Network or systems outages and down time

The Board of Directors and senior management have a significant responsibility to understand and support their organization's security and privacy posture. In addition, both implicitly or explicitly set the risk tolerance level for the organization. Finally, they are responsible for ensuring that those empowered to make information security risk decisions on behalf of the company stay within those risk tolerance parameters.

How should you align security to your business?

Aligning security to the business is key to gaining your board and senior management support. Document how information security projects and initiatives are aligned with the organization's strategic business objectives. Your information security strategy should have a forward-looking aspect that embeds information security into the business and IT planning process and focuses on emerging trends and technology to address evolving risks and business changes.

You should also show how information security contributes to the organization's success. Describe the role of information security in addressing market, privacy, technology and regulation risks. Illustrate how information security will enable business objectives and initiatives. Highlight how effective security governance can enhance the interests of all the stakeholders (e.g. customers, business units, employees, auditors, etc.) in a cost-effective manner. Reflect the organization's risk appetite. Be consistent with the management and reporting of other types of risk in the organization (operational, financial, market).

My next post will talk about how you need to benchmark your security posture, align information security posture to the business objectives, have a risk assumption framework to effectively resolve contested risk issues, and report and communicate with your board and senior management.
