Cybersecurity is a topic often overlooked by compliance officers, often due to a lack of understanding of the importance of the topic, or the assumption that IT and cybersecurity departments have the issue fully controlled.
A recent panel at Compliance Week’s virtual Cyber-Risk & Data Privacy Summit in late January brought together cybersecurity professionals to discuss these issues. The panelists spotlighted the need to look beyond the technology of cybersecurity and to review it within the framework of risk. Instead of focusing on the technical elements of security breaches, concentrate on getting board buy in by explaining the breach in other ways.
“You want to break down the risks. The board will want to know what you’re doing in non-technical terms,” said George Finney, chief information security officer at Southern Methodist University in Dallas to the Compliance Week summit audience.
The panel also discussed the vulnerabilities in terms of public perception that firms risk by not appearing compliant to cybersecurity best practices, and the need for those practices to be embedded in the corporate culture and communicated and followed by all levels of structure.
Source:
