Boards have the ultimate responsibility for the security of customer information, as well as the responsibility to approve financial investments into cybersecurity, create accountability in the institution for security operations, and set clear expectations for management. A positive culture needs to be established for the organization to be successful in addressing cybersecurity needs. For an organization’s culture to be positive, it must start with the Board.
Important decisions are made at each board meeting that affect strategic objectives, products and service offerings, and ultimately information security. Poorly informed or misinformed decision makers could influence security negatively and cause unintended damage to an institution. Understanding the basics of an Information Security Program is critical for the board to make effective discussions. This session will discuss how to improve communication and reporting with the board, basic processes and components of the ISP relevant to the board create, and how to improve cybersecurity culture.
The following topics will be discussed:
- Information Security Program Basics
- Trends in cybersecurity
- Improving board information flow
- Cybersecurity culture
- Roles and responsivities
Target Audience: Both board members and information security professional will benefit from this session. Board and Senior Executives will receive a basic review of Cybersecurity and a strong Information Security Program, plus questions to ask of management. Members of the management team will benefit from a better understanding of what the board needs to know, how to communicate it, and tips in creating a strong culture.
Presenter: Chad Knutson, SBS CyberSecurity, LLC