This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP - Cyber Security in the Boardroom"

From OWASP
Jump to: navigation, search
m (Edits)
m (edit)
Line 13: Line 13:
  
 
==Initiative Deliverables==
 
==Initiative Deliverables==
* A Primer on Cyber Security for the Board
+
# A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program  (e.g. CISO/CSO/CCO)
+
# Guidelines for selecting and evaluating the head of the Cyber Security program  (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
+
# Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
+
# Cyber Threats per Industry Sector
* Cyber Security Framework
+
# Cyber Security Framework
  
 
==A Primer on Cyber Security for the Board==
 
==A Primer on Cyber Security for the Board==

Revision as of 14:44, 13 December 2019

OWASP Project Header.jpg

OWASP - Cyber Security in the Boardroom

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

Initiative Deliverables

  1. A Primer on Cyber Security for the Board
  2. Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
  3. Top 10 Criteria for leading a Cyber Security program
  4. Cyber Threats per Industry Sector
  5. Cyber Security Framework

A Primer on Cyber Security for the Board

  1. Overview of Cyber Security for a Board of Directors
    • The Main Concepts of Cyber Security
    • The Challenges with Cyber Security
    • The Impacts of Cyber Security on an organisation
    • Responding to a Cyber Security Incident
    • Cyber Security Myths and Misconceptions
    • Cyber Security and Corporate Responsibility
  2. Overview of the Board of Directors for Cyber Security Professionals
    • Roles and Responsibilities of the Board
    • Board of Director Liabilities
    • Corporate Governance
    • Company Strategy and the role of Cyber Security
  3. Appendix
    • Useful Cyber Security References
    • Useful Board of Directors References
    • Scenarios

Guidelines for selecting and evaluating the head of the Cyber Security Program

  1. Background in dealing with information security challenges.
  2. Deep understanding of the Security Mindset and the Security Culture.
  3. Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
  4. The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
  5. Translating Risk from/to Business Needs.
  6. Addressing and communicating the “so what” question(s).
  7. The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
  8. Expert input on the fast-evolving digital ecosystem.
  9. Be able to distinguish between skills gap challenges versus talent acquisition oversights.
  10. Measure risk, compliance and maturity.

Top 10 Criteria for leading a Cyber Security program

  1. Establish segregation of duties and ownership of responsibilities for the cyber security program
  2. Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
  3. Organisational culture (security culture, mindset)
  4. Sector-focused prioritization of risks, types of attacks, threat actors.
  5. Mission Critical vs Business Critical; systems, networks and data.
  6. Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
  7. Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
  8. Third-Party Risks (incl. Supply Chain)
  9. Containment
  10. Response Plan

Cyber Threats per Industry/Sector

Cyber Security Framework

  • Policies & Procedures Creation Guidelines
  • Data Classification Guidelines
  • Compliance
  • Information Security Risk Management
  • Information Security Incident Management
  • Information Systems Continuity Management
  • Third-Party Security

Licensing

The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is Cyber Security in the Boardroom?

OWASP Cyber Security in the Boardroom provides:

  • A Primer on Cyber Security for the Board
  • Guidelines for selecting and evaluating the head of the Cyber Security program
  • Top 10 Criteria for leading a Cyber Security program
  • Cyber Threats per Industry Sector
  • Cyber Security Framework

Project Leaders

  • Sherif Mansour
  • Grigorios Fragkos

Contributors

  • Paul Harragan

Quick Download


News and Events

  • TBD
  • TBD


In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_-_Cyber_Security_in_the_Boardroom&oldid=256337"