Boards need to take control before cyber-crime takes control of them.
Here are four key questions for your Board ...
Q1: Boards need to find out ...
How the organisation currently defends itself against cyber attacks and how the organisation would deal with a data or systems breach.
And, whether this approach is sufficient, reasonable and likely to be effective.
Q2: Boards need to find out ...
How systems and data are protected from unauthorised access.
And, whether data owners are made aware of any access to the data under their control.
And, whether the activities of privileged users, such as administrators, are also subject to data owner scrutiny and review.
Q3: Boards need to find out ...
How the organisation ensures that devices and software are up-to-date and configured correctly.
And whether the latest patches and fixes to remove any known insecurity have been applied.
Q4: Boards need to find out ...
How the organisation ensures that staff, partners, suppliers and contractors protect the data and services shared with them.
And, whether the oversight we operate over third parties is sufficiently good to provide reassurance that they do not become the weak link in the cyber chain.
This is a subject that is of interest to you and you need to know more?
Then join our new training event later this year that gets involved with the subject!