Citation

National Association of Corporate Directors, Cyber-Risk Oversight: Executive Summary (Director's Handbook Series 2014 ed.) (full-text).

Overview

In this publication, the NACD (in collaboration with the American International Group and the Internet Security Alliance) cited five cybersecurity principles for boards. The principles state:

  • Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
  • Directors should understand the legal implications of cyber risks as they relate to their company's specific circumstances.
  • Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on the board meeting agenda.
  • Directors should set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget.
  • Board and management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate or transfer through insurance, as well as specific plans associated with each approach.