A financial institution’s Board of Directors has the ultimate responsibility for securing customer information, as well as the responsibility for approving financial investments in cybersecurity, creating accountability throughout the institution for security operations, and setting clear expectations for management. The trouble with all that, however, is that the Board of Directors has not historically included a lot of technical or security expertise, which can limit the Board’s understanding of information and cyber security at the organization.
So what do the Board of Directors and Executives most need to understand about information and cyber security? How can the Board improve its oversight of its own ISP? Let’s discuss.
This presentation will cover the following areas/topics:
- Trends in cybersecurity
- Cybersecurity regulatory expectations of the Board
- The biggest challenges facing the Board and cybersecurity
- A framework for asking better questions
- IT Risk = Lending Risk
- Most important things for the Board to know about IT/IS Risk
- Add technical/cybersecurity expertise to the Board
- Setting a culture of security
Target Audience: Board members, executive team, and managers responsible for information security. Both board members and information security professionals will benefit from this session. Board and senior executives will receive a basic review of cybersecurity and a strong information security program, plus questions to ask of management. Members of the management team will benefit from a better understanding of what the board needs to know, how to communicate it, and tips for creating a strong culture.