Board security awareness & education

15 pts.
Tags:
corporate governance
Risk management
Security
Should corporate boards be required to have representation from the information security domain? Is it a governance issue that security and IT risk management has become critical, yet director's ability to manage this domain has perhaps lagged?

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • AndreaF
    The way you have worded this leaves it open to personal viewpoint. Are you looking for others' thoughts on what should be madatory, or are you meaning to ask a specific question?
    11,315 pointsBadges:
    report
  • j2abro
    Andrea, thanks for the follow-up - I guess it's more of the former: I'm interested in discussion on the subject. I don't believe there is a definitive answer, but I'd like to hear other's opinions.
    15 pointsBadges:
    report
  • Harisheldon
    With the current situation of companies, even better, nations, being hacked by other nations, security should be at the top of the list for any organization, especially if they are dealing with a large amount of people who deal in exchanging information, mainly $$$$.  Everyone in a corporation should be given  classes, at a minimum of once a year, in security techniques that might compromise their corporations IT security.  This should include changing passwords, to encrypting emails with critical data, to encrypting documents on their work stations.  The more the user is made aware of the situation, the more secure they will be.  One of the main problems thou is not an external problem but an internal one.  Education is the best tool in combating this issue.
    12,870 pointsBadges:
    report
  • Kevin Beaver
    I believe that any business that wishes to have a successful information security program is going to have board oversight, at least. We are seeing this more and more. Unfortunately, given the state of security, we still have a long way to go.

    The key thing is that business executives must get past the mindset that information security is "an IT thing". It's not...never has been and it definitely never will be. It's a core business function that has to be addressed and overseen from the top down.
    26,480 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: