For a corporate director, developing and maintaining expertise in cybersecurity can be a challenge. A new book just published by Symantec Canada, Canadian Cyber Security 2018, will help. Eight renowned Canadian CISOs share their perspectives on a variety of risks encountered in their day-to-day jobs. This book is an easy read even for a non-technical director, and it helps the reader reflect on cybersecurity oversight by learning about the extended role of a CISO, what keeps him up at night and how the rapid changes in his environment are impacting risks.
The topics I found of relevance are: security is an essential component of every critical system and is no longer a separate protective layer; the business acumen needed of the CISO and his role as a business partner; security as a service; cloud computing, Bring Your Own Device (BYOD) and their security risks; the need to better leverage the big data generated by security devices to identify risks; how to be ready for and respond to a security breach to mitigate the reputation risks; the evolution of the security philosophy from defending against what is on the outside to trusting no asset inside or outside the company; and the chapter directly discussing governance, the role of the CISO at the #boardofdirectors and the agenda of a board discussion on #Cybersecurity.
The book again makes the point that for the board to assess its cyber-risks, it must understand what data is critical to the business and how it is maintained and protected. As a director, do you feel that you have a clear answer to these basic questions?