7 board cyber security questions

7 cyber security questions for boards

Risk oversight is a function of the full Board…yet
NACD DIRECTOR’S HANDBOOK SERIES 2014 EDITION

Did you know 50% of boards see cyber security as an I.T. issue?
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey

That means 50% are doing it wrong

Full board involved in cyber risks = 25%. Good.

No board involvement in cyber risks = 30%. Bad.

26% of boards say the CISO or CSO makes a presentation to the board once a year. Ugly.

28% say their security leaders make no presentations at all. Uglier.

What about 3rd party vendors?

23% do not evaluate 3rd parties - that number is probably much higher

Cyber training is neglected (KPMG Poll)

Only 50% of employees receive periodic cyber training
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey

Only 50% of employees receive initial cyber training
PWC: US cybersecurity: Progress stalled, Key findings from the 2015 US State of Cybercrime Survey

So here are the 7 questions

1. How are key business processes affected by different types of cyber attacks? (e.g. ransomware, denial of service, data breach, etc.)

Leads to discussion on what type of cyber security we have and why

2. Is our physical security adequate and is it congruent with our cyber security?

The two are interrelated
NACD DIRECTOR’S HANDBOOK SERIES 2014 EDITION

3. Who are our 3rd party vendors?

And what risks do they pose?

4. Who is responsible for cyber security training?

HR, IT, CISO, etc.?

5. Have officers and directors received cyber security / information assurance training?

These are high profile, high risk positions

6. How do we vet our administrators?

Snowden was a contractor…just saying

Who’s working for you?

7. Who does the CISO report to and why?

7 cyber security questions for boards
1. How are key business processes affected by different types of cyber attacks?
2. Is our physical security congruent with our cyber security?
3. Who are our third party vendors?
4. Who is responsible for cyber security training?
5. Have officers and directors received cyber security training?
6. How do we vet our administrators?
7. Who does the CISO report to?
www.paulmcgillicuddy.com