Member-Only Release Out Now, Public Release Coming Soon: Beyond Compliance: Penetration Testing, Red and Purple Teams: Continuous Assessment to Improve Security and Build Talent
As with the senior executive CISO role, dedicated counsels for cybersecurity and senior communications staff deeply engaged with cyber defense are new corporate developments in the last decade. Many organizations have only recently assigned significant cybersecurity legal responsibilities to one member of the counsel team, and have brought communications staff into incident planning and response as full partners. Cyber incident planning and response has been in some cases organized as a subset of existing emergency preparedness groups, which has led to additional challenges, especially the need to differentiate the distinct procedures, systems, and language for cyber preparedness from more traditional emergency practices.
Leveraging Board Governance for Cybersecurity: The CISO/CIO Perspective
In the current climate of increasingly sophisticated cyber attacks that can cripple business operations, expose sensitive data and negatively impact a company's reputation and market value, the mandate for corporate management teams and boards to adapt and improve their approach to cyber governance is becoming an imperative. Yet, in 2014, one third of North American firms did not have a Chief Information Security Officer, according to an annual survey by PwC, and the US government did not appoint its first Chief Information Security Officer until 2016. As of 2018, many companies still don't have key roles related to cybersecurity, such as CISOs or chief security officers. These statistics, as well as our report on Collaborative Cyber Defense released last year, spurred the ACSC to more deeply investigate the current state of board engagement in cybersecurity.
Collaborative Cyber Defense: Barriers and Best Practices for Strengthening Cyber Defense by Collaborating Within and Across Organizations
With assistance from Mass Insight Global Partnerships, and in conjunction with research partner McKinsey & Company, researchers worked with ACSC members and other experts to interview CISOs, CIOs, analysts, business leaders and others in a range of sectors to identify organizational models for efficient collaboration on common defense. Overall, the study found there is a strong correlation between collaboration and cyber security maturity; however, most collaboration is informal and unstructured, which indicates potential opportunities for more structured activities and networks. But significant gaps exist between more mature organizations and others, indicating potential for cross-fertilization of practices.