Difference between revisions of "OWASP - Cyber Security in the Boardroom"

OWASP - Cyber Security in the Boardroom

Owasp Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

Initiative Deliverables

• A Primer on Cyber Security for the Board
• Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
• Top 10 Criteria for leading a Cyber Security program
• Cyber Threats per Industry Sector
• Cyber Security Framework

A Primer on Cyber Security for the Board

1. Overview of Cyber Security for a Board of Directors
   • The Main Concepts of Cyber Security
   • The Challenges with Cyber Security
   • The Impacts of Cyber Security on an organisation
   • Responding to a Cyber Security Incident
   • Cyber Security Myths and Misconceptions
   • Cyber Security and Corporate Responsibility
2. Overview of the Board of Directors for Cyber Security Professionals
   • Roles and Responsibilities of the Board
   • Board of Director Liabilities
   • Corporate Governance
   • Company Strategy and the role of Cyber Security
3. Appendix
   • Useful Cyber Security References
   • Useful Board of Directors References
   • Scenarios

Guidelines for selecting and evaluating the head of the Cyber Security program

Top 10 Criteria for leading a Cyber Security program

1. Establish segregation of duties and ownership of responsibilities for the cyber security program
2. Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
3. Organisational culture (security culture, mindset)
4. Sector-focused prioritization of risks, types of attacks, threat actors.
5. Mission Critical vs Business Critical; systems, networks and data.
6. Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
7. Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
8. Third-Party Risks (incl. Supply Chain)
9. Containment
10. Response Plan

Cyber Threats per Industry Sector

Cyber Security Framework

• Policies & Procedures Creation Guidelines
• Data Classification Guidelines
• Compliance
• Information Security Risk Management
• Information Security Incident Management
• Information Systems Continuity Management
• Third-Party Security

Licensing

The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is Cyber Security in the Boardroom?

OWASP Cyber Security in the Boardroom provides:

• A Primer on Cyber Security for the Board
• Guidelines for selecting and evaluating the head of the Cyber Security program
• Top 10 Criteria for leading a Cyber Security program
• Cyber Threats per Industry Sector
• Cyber Security Framework

Presentation

Link to presentation

Project Leaders

• Sherif Mansour
• Grigorios Fragkos
• Paul Harragan

Related Projects

• OWASP_CISO_Survey

Quick Download

• Link to page/download

Donate to OWASP

News and Events

• [20 Nov 2013] News 2
• [30 Sep 2013] News 1

In Print

This project can be purchased as a print on demand book from Lulu.com

Classifications