
New Report Provides Great Information Security Information To Give To CEOs

Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”

Business leaders need to understand information security and privacy risks better, and information security and privacy professionals need to put real effort into raising that understanding. Understanding and acting upon the risks are essential to the health of the business, and CEOs must understand HOW information security and privacy relate to the business.

This relatively short report is written for CEOs in language they understand. It is a great document to give to your CEO to help them understand how information security and privacy risks impact the business.

It provides some great examples of incidents, and it does a nice job of demonstrating that information security and privacy are world-wide issues for businesses of all sizes.

I really like how the report details the common information security mistakes CEOs make. At a high level they are:

* Underestimate the scale of the problem.

* Fail to recognize the consequences for business.

* Assume that because their company is protected, their business is safe.

Yes, all these are common mistakes.

Speaking to that last point, too often business leaders believe that implementing information security measures makes them invulnerable to security incidents and privacy breaches. Anyone who understands the complexity of information security and privacy threats and vulnerabilities knows that this is far from true. It takes an ongoing effort to ensure your business leaders remain aware of risk issues.

The report also describes, again in a way CEOs can understand, the common mistakes that businesses as a whole make.

I'm a big fan of using tables, flow charts and other illustrations to help business leaders understand issues in ways that words alone cannot convey. This report includes a nice table showing the common threats and corresponding effects and preventive responses CEOs and other business leaders should implement to minimize the risks of those threats. This provides a very nice talking-point illustration to use with your business leaders.

Overall this is a great report to give your CEO, and you may want to schedule a 30-minute meeting to discuss it with him or her. You could also put the key points into a PowerPoint presentation, along with the answers to the questions, to use at a board meeting or executive leadership meeting. Alternatively, you could schedule several short meetings, once a month, to talk about one issue at a time throughout the year. Be prepared to answer the questions listed on pages 10 & 11 of the report.

You may ask, what is this BNAC?

"The British-North American Committee is a group of leaders from business, labor, and academia in the United Kingdom, the United States, and Canada committed to harmonious, constructive relations among the three countries and their citizens."


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.