Educause Security Discussion mailing list archives
Reporting Cyber Risk to Board of Directors
From: "STURGIS, JOHN" <JSTURGIS () MAILBOX SC EDU>
Date: Tue, 3 Apr 2018 17:55:05 +0000
Good afternoon, everyone! The folks over at Cyentia Institute<https://www.cyentia.com/> are gathering info for their second edition of the Cyber Balance Sheet report (last year’s is available here<https://cyentia.com/wp-content/uploads/Cyber-Balance-Sheet-Report-2017.pdf>), and I’m sure they would greatly value the input from higher ed security professionals. Key points: * Final report is available to all for free, * The writers are some of the minds behind the Verizon DBIR, * In my opinion, higher ed is underreported in this domain, much to our detriment. The research questions they intend to answer (taken from their call for participation here<https://cyentia.com/2018/01/16/call-participation-2018-cyber-balance-sheet/>): 1. What information is typically reported to the board? How is it formatted, contextualized, and presented? 2. What information is viewed most favorably by Boards and other corporate executives? Can any be shown to increase trust? 3. Do reported metrics and/or Board responses to them vary across different types of organizations and board members? 4. If so, can a set of guidelines be created such that Board-level reporting is optimized for the organization and audience? If you’re willing to contribute your time and knowledge, you can access the survey here<https://www.surveygizmo.com/s3/4254658/cyber-balance-sheet>. Thanks for your time, and have a great day! John P. Sturgis - Security Program Consultant University Information Security Office University of South Carolina sturgis () sc edu<mailto:sturgis () sc edu>
Current thread:
- Reporting Cyber Risk to Board of Directors STURGIS, JOHN (Apr 03)