BreachExchange mailing list archives
Why data privacy and security should be a boardroom issue
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 29 Jan 2015 19:25:14 -0700
http://www.information-age.com/technology/security/123458926/why-data-privacy-and-security-should-be-boardroom-issue

The Online Trust Alliance last week released a report analyzing recent data breaches and a guide for enterprise security best practices. While these tips may help organisations lessen the risk of a cyberattack, I think that there is one thing that companies may overlook: their leadership team.

Enterprises today have a lot to think about, and ensuring the privacy of customer and employee information has become a higher priority. Between GLBA and HIPAA regulation of security in financial services and healthcare, and growing evidence of massive industrial-scale hacking of credit card and health information, many companies have focused on protecting particular kinds of information. However, it’s become clear that companies can't protect everything equally.

As we look at Data Privacy Day, it’s important to consider the basic security hygiene for any company with an Internet connection. More important, though, is the leadership and accountability for data privacy and security at the top of the organization. The roles, responsibilities and accountabilities of Chief Risk Officers, Chief Privacy Officers, Chief Security Officers, and Chief Information Security Officers are more important than turning on SSL on the company web servers.

The CEO and Board of Directors at most companies are only now coming to understand the critical function these leadership roles provide in a modern company. Boards need to understand how the company leadership discusses risk and makes risk and investment (control) decisions. The CEO needs to ensure the roles are appropriately resourced. And, the leaders in these positions need to work to help boards and business executives understand the magnitude and nature of risks as well as the opportunities of various business endeavors.

All businesses grow by taking risks - for example, investing in marketing or introducing a new product in the marketplace. For too long the risks of unsecured systems, lack of enforcement of security policies, and the limits of funding basic security hygiene have gone under-reported. We have seen too many examples of large, important companies brought low by data breaches that could have been prevented. It’s time for companies to stop thinking that it won’t happen to them and to start investing in smart leadership that takes the issue of security seriously.