Best Practice Guide Offers Security Advice to Boards of Directors

A new whitepaper released by the World Economic Forum Future of Digital Economy and Society System Initiative intends to help boards understand the cyber risks they are facing in 2017.

The report claimed that “organizations do not feel equipped with the tools to manage cyber risks with the same level of confidence that they manage other risks, and the emerging leading practices have not yet become part of the standards set of board competencies.”

The guide claims that moving forward two things are required: a significant increase in organizations adopting, sharing, and iterating leading security practices, and cross-sectoral collaboration in order to develop new practices that require dealing with unique attributes of managing cyber risks of physical assets.

The whitepaper proposes Ten Board Principles for Cyber Resilience:

  1. Responsibility for Cyber Resilience- the entire board takes ultimate responsibility for oversight of cyber risk and resilience
  2. Command of the Subject- board members receive cyber resilience orientation upon onboarding and are regularly updated on the latest threats and trends
  3. Accountable Officer- the board must have certain there is one corporate officer accountable for reporting the organization’s capability to manager cyber resilience and progress in implementing cyber resilience goals
  4. Integration of Cyber Resilience- board ensures that management integrated cyber resilience and cyber risk assessments into the overall business strategy and into enterprise wise risk management
  5. Risk Appetite- board annually defines and quantifies business risk tolerance relative to cyber resilience, and ensures that this is consistent with corporate strategy and risk appetite
  6. Risk Assessment and Reporting- board holds management accountable for reporting a quantified and understandable assessment of cyber risks, threats and events as a standing agenda item during board meetings
  7. Resilience Plans- support for the officer accountable for cyber resilience by the creation, implementation, testing and ongoing improvement of cyber resilience plans
  8. Community- encourages management to collaborate with other stakeholders in order to ensure systemic cyber resilience
  9. Review- conduct a formal, independent cyber resilience review of the organization annually
  10. Effectiveness- review performance in the implementation of these principles

 

The purpose of this whitepaper is to “provide boards with a framework and set of tools to smoothly integrate cyber risk and resilience into business strategies, and so that their companies can innovate and grow securely and sustainably.”

Richard Samans with the World Economic Forum claims, “I’ve been saying for a number of years that information risk must be elevated to a board-level issue and given the same attention afforded to other risk management practices. Organizations face a daunting array of challenges interconnected with cyber security: the insatiable appetite for speed and agility, the growing dependence on complex supply chains, and the rapid emergence of new technologies.”

 

Implementing File Integrity Monitoring to Your Layered Security Approach

In order to detect potentially significant changes to system files and protect systems from malware, it is essential to not just simply run a comparison of the file system once per day as has traditionally been the approach, but to provide an alert within seconds of a significant file change occurring.

The best File Integrity Monitoring technology will also now identify who made the change, detailing the account name and process used to make changes, crucial for forensically investigating security breaches. It is good to know that a potential breach has occurred but even better if you can establish who and how the change was made.

 

Read this report on Info-Security Magazine

 

 

 

 

Cloud and Container Security
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
Information
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.