CIOs can start by arming their boards with the right questions, none of which are technical. For example, have we been tested outside of our internet recovery plans, and what is our action plan based on that test? Another area the board should investigate is whether there has been penetration testing or other testing that mimics the actions of cybercriminals. Are those tests done regularly, and how is our performance?
Developing technical areas
External audits, Ragland says, are powerful tools for CIOs, too. “As boards seek external assurance on risks, just as they would finance with audits, it is the responsibility of CIOs to provide them with that information, and to have fresh eyes in an ever-changing environment,” he said. Audit and IT services have cybersecurity procedures, and the National Association of Corporate Directors has recommendations for external audits.
Boards are looking to build their cyber role, and are changing how they select board members as a result. “Boards should not limit their technology additions to safety and security,” said Ragland. “Yes, security expertise is important, but so is a board member who can address the strategic opportunity that technology brings to organizations. How do we use technology to improve our strategies, products, and customer interactions? As boards look for technical skills, they should look for someone who can bring both flavors to the boardroom.”