Re: Cybersecurity Reports to Board/Audit Committee

[Joanna Grama <jgrama () EDUCAUSE EDU>]

Hi Carolos,
This article was published a couple of years ago by members of the community, but I believe that it still contains 
useful information that is responsive to your original request:  
https://er.educause.edu/articles/2016/1/leading-an-effective-briefing-with-board-executives-about-information-security

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | jgrama () educause edu<mailto:jgrama () educause edu>

Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and 
valuable peer networks | Discover membership<https://www.educause.edu/about/discover-membership>





From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carlos S 
Lobato
Sent: Friday, March 2, 2018 10:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cybersecurity Reports to Board/Audit Committee


Good Morning Colleagues,



If you have been providing an annual report to your Board or Audit Committee relating to Cybersecurity, State of 
Security or Compliance, I would highly appreciate guidance on general topics that you typically include in your 
presentation or report.  We have been asked to provide a report to our Board/Audit Committee and have been given 30 
minutes, which includes 15 minutes for a presentation and 15 minutes for Q & A.



Looking forward to your insight, wisdom or advice.



Carlos,



Carlos S. Lobato, CISA, CISSP, CPA

Chief Privacy Officer

IT Compliance Officer



New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003



Phone (575) 646-5902

Fax (575) 646-5278