BreachExchange mailing list archives

Why data privacy and security should be a boardroom issue


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 29 Jan 2015 19:25:14 -0700

http://www.information-age.com/technology/security/123458926/why-data-privacy-and-security-should-be-boardroom-issue

The Online Trust Alliance last week released a report analyzing recent data
breaches and a guide for enterprise security best practices. While these
tips may help organisations lessen the risk of a cyberattack, I think that
there is one thing that companies may overlook: their leadership team.

Enterprises today have a lot to think about, and ensuring the privacy of
customer and employee information has become a higher priority. Between
GLBA and HIPAA regulation of security in financial services and healthcare,
and growing evidence of massive industrial-scale hacking of credit card and
health information, many companies have focused on protecting particular
kinds of information.

However, it’s become clear that companies can't protect everything equally.
As we look at Data Privacy Day, it’s important to consider the basic
security hygiene for any company with an Internet connection.

More important, though, is the leadership and accountability for data
privacy and security at the top of the organization. The roles,
responsibilities and accountabilities of Chief Risk Officers, Chief Privacy
Officers, Chief Security Officers, and Chief Information Security Officers
are more important than turning on SSL on the company web servers.

The CEO and Board of Directors at most companies are only now coming to
understand the critical function these leadership roles provide in a modern
company. Boards need to understand how the company leadership discusses
risk and makes risk and investment (control) decisions.

The CEO needs to ensure the roles are appropriately resourced. And, the
leaders in these positions need to work to help boards and business
executives understand the magnitude and nature of risks as well as the
opportunities of various business endeavors.

All businesses grow by taking risks - for example, investing in marketing
or introducing a new product in the marketplace. For too long the risks of
unsecured systems, lack of enforcement of security policies, and the limits
of funding basic security hygiene have gone under-reported.

We have seen too many examples of large, important companies brought low by
data breaches that could have been prevented. It’s time for companies to
stop thinking that it won’t happen to them and to start investing in smart
leadership that takes the issue of security seriously.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
