Cybergovernance Journal Update – 2/5/2016

by | Feb 5, 2016

Regulations, periodic assessments and theoretical models can only lead the way to a partial, but not comprehensive, cybersecurity solution. This is especially true when it comes to making cybergovernance accessible to executives — until now.

How We Created the First Cybergovernance Platform

TexasCEO, Jan. 30
We found a growing understanding that cybersecurity is more than just a technology problem. A friend pointed out that cybersecurity governance (aka cybergovernance) is tracking a path similar to financial governance. The recent tsunami of highly publicized cyber breaches is creating a similar pressure for cybersecurity compliance.

Read Article

Threat Intelligence, Meet Defense intelligence

Cybergovernance Journal, Feb. 1
Global threat intelligence providers report on over 500,000 malicious websites – and that list of websites turns over every day. To suggest that firms can optimize their perimeter defenses against 500,000 new threats every day is unreasonable. This fact is an uncomfortable reality for those who’ve based their risk ratings on externally available data.

Read Article

Effective Risk Governance

Directorship, Jan/Feb
Cyber risk isn’t primarily about technology. It is first and fore-most about governance requiring proactive involvement by the board in companies and organizations of all sizes. In 2015, many cases of cyber-risk management gone wrong were disclosed.

Read Article

DHS and Cyber Governance: It Starts at the Top

JDSupra Business Advisor, Jan. 29
“Unsolicited advice” to organizations faced with developing data security plans: Neuman said that the tone set at the top percolates throughout an organization and that buy-in from senior leaders is needed to create an effective organization-wide plan.

Read Article

Needed: A New Cybergovernance Model

LinkedIn, Jan. 31
Empowering the board to oversee cybersecurity risk mitigation is vital. The issue of cybergovernance is tracking the path that financial fraud followed in the early 2000’s before Sarbanes-Oxley Act. How will corporate boards comply with a new cybersecurity bill that delineates their liability for overseeing company progress?

Read Article

Why Depending on Cyber Risk Assessments is a Risk

SecurityWeek, 11/6/15
It’s been a widely accepted “check the box” cybersecurity practice to engage in periodic cyber risk assessments designed to give management assurances that their cyber defenses are adequate or not. Any cybersecurity process that relies heavily on periodic risk assessments is not only giving the company a false sense of how safe they are, it’s reflecting energy and resources away from discovering, mitigating and/or preparing for real active and immediate cyber threats.

Read Article

Subscribe
Be notified of new Journal entries in your email box or Follow us on Twitter.