Re: Cybersecurity Reports to Board/Audit Committee

[David Stack <dstack () UWSA EDU>]

For those that are Gartner subscribers, Gartner does a lot of work on reporting to the board in general, and on 
reporting to the board on cybersecurity in particular.   Earlier this week there were good sessions at the Gartner CIO 
Forum in Phoenix on both topics. Sorry, I can’t share the resources. Gartner subscribers can probably get the slide 
decks from their reps.

— David

David Stack
Interim Associate VP & CIO
University of Wisconsin System
dstack () uwsa edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carlos S 
Lobato
Sent: Friday, March 2, 2018 10:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cybersecurity Reports to Board/Audit Committee


Good Morning Colleagues,



If you have been providing an annual report to your Board or Audit Committee relating to Cybersecurity, State of 
Security or Compliance, I would highly appreciate guidance on general topics that you typically include in your 
presentation or report.  We have been asked to provide a report to our Board/Audit Committee and have been given 30 
minutes, which includes 15 minutes for a presentation and 15 minutes for Q & A.



Looking forward to your insight, wisdom or advice.



Carlos,



Carlos S. Lobato, CISA, CISSP, CPA

Chief Privacy Officer

IT Compliance Officer



New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003



Phone (575) 646-5902

Fax (575) 646-5278