Re: None

Monday, 01/07/2019 6:43:10 PM

Post# of 249565
Boards need to be active partners in cyber defence

https://www.computerweekly.com/news/252455381/Boards-need-to-be-active-partners-in-cyber-defence

Board members must be active governance partners in collaborative cyber defence, says US regional information sharing and analysis organization

Defending against cyber attackers requires collaboration across organisational functions and between organisations, according to a report by the Advanced Cyber Security Center (ACSC).

The report urged boards to adopt a comprehensive and dynamic understanding of their organisations’ cyber security responsibilities and to maintain regular direct access to CISOs and risk officers in conjunction with CIOs and other executives.

The report, based on a survey of 20 ACSC member CISOs and CIOs from diverse organisations and interviews with external experts, was intended to provide a perspective on the current state of board engagement in cyber security.

It also described the benefits and challenges of maturing board engagement and included recommendations for model board engagement.

The New England-based ACSC is a federally registered regional information sharing and analysis organisation (ISAO) aimed at encouraging cross-sector collaboration and promoting effective practices to help organisations strengthen their cyber defences.

According to the report, in most cases the board partnership with management is still “at an early stage” or in a “maturing phase” in its ability to provide strategic guidance and help guide management’s strategic risk judgements.

Because most boards do not yet have sufficient expertise in technology or cyber security to serve as strategic thought partners on cyber risk, the report recommended that they should recruit board members with broad digital or technology expertise, develop an annual curriculum of cyber briefings, provide ongoing training and use third-party assessments.

A key finding of the survey was that placing cyber security in an organisational silo at the operational or board level makes it difficult to develop a comprehensive and nuanced understanding of cyber security’s impact on business risk.

Boards generally spend one meeting a year on cyber security, delegating responsibility to the risk or audit committee, leaving the full board with little time to develop expertise on the cyber risks, the survey showed.

The report recommended that CISOs and CIOs should present jointly at board meetings to provide a comprehensive view of digital strategies and security.

“Boards as a whole should review cyber security more consistently as a business risk and the risk or audit committee should be used for more frequent (at least quarterly) cyber reviews,” the report said.

The survey showed that as cyber security budgets continue to grow, two issues have arisen. The first is “budget fatigue” and the second is that cyber security investments are seen as “separate” from IT investments and so do not represent a complete picture of security spend.

In terms of overseeing cyber security and digital transformation budgets, the report recommended that boards should present digital transformation budgets as a whole, with cyber security investments as an element of overall IT-related decisions about where to invest in growth and security.

Boards and management require cyber risk frameworks that provide a means to make informed risk judgements, the report said, noting that cyber security has not yet developed the standard risk frameworks that financial and audit risk functions have.

In the light of this fact, the report recommended that boards should prioritise and support senior management’s development of a new generation of outcome-based cyber risk management frameworks. “In the meantime, executives should use only a few operational metrics with boards,” it said.

Michael Figueroa, executive director of the ACSC, said the report examines the reality that, for the most part, boards are not in a position to provide strategic guidance on cyber risk.

“In particular, the report has identified a need for a risk standard, much like those frameworks that financial and audit risk functions have refined over decades, that would help guide decision-making and operations as they relate to cyber risk management,” he said.
=================================================================
If board members and CISOs were asked to read the Wave Alternative and if the CISOs could be asked to compare their cyberdefenses with Wave VSC 2.0, Wave ERAS, Wave SED management and Wave Endpoint Monitor, they could very well see the light to a better cyber future!! imo.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

https://www.wavesys.com/products/wave-self-encrypting-drive-management

https://www.wavesys.com/products/wave-endpoint-monitor
================================================================

https://www.wavesys.com/wave-alternative

The IT perimeter is gone

With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.

It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.

You have to start with the device

Wave has an alternative: security that’s built into each and every device.

We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.

We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.

Security that’s confirmed, not assumed

With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.

A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.

Do we need to say that with Wave, compliance is no problem?

Start closing your security gaps today, with what you’ve got

You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.

It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.

Questions? Read on, or contact our sales department.