Internet Security Alliance and National Association of Corporate Directors Release Guide for Cyber-Risk Oversight

February 26, 2020

The National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) released a new, updated Director’s Handbook on Cyber-Risk Oversight, a guidebook to help boards navigate cyber-risk oversight.

The handbook is available on four continents and in five languages. The handbook outlines five “guiding principles” to enhance board oversight of cyber risk and includes tools with guidance on how best to oversee management of specific cybersecurity issues, including M&A due diligence, insider threats, supply chain management, incident response, personal security, model dashboards and metrics, engagement with the security team and what to expect from the government.

“Businesses are facing a tension between the need to embrace digital change while at the same time protecting their cyber assets,” said Peter R. Gleason, CEO of NACD. “This is the ‘new normal’ for enterprises of all sizes, and our goal with this handbook is to help build the board’s knowledge and confidence to navigate this new reality. Boards must work with their management teams to reconcile the need to transform themselves digitally with the need to ensure underlying data assets are properly secured."

“Digitization and digital transformation have enhanced exposure to cyber risk across the enterprise, making cybersecurity a strategic risk” said Larry Clinton, president of ISA. “This handbook underscores the importance of a robust governance approach to cybersecurity. It recognizes the critical role boards play in shaping the overall vision and strategy for the enterprise and in setting a tone of security.”

The Director’s Handbook on Cyber-Risk Oversight was developed in collaboration with the US Department of Homeland Security and the US Department of Justice, and it is applicable to board members of public companies, private companies and nonprofit organizations of all sizes and in every industry. Directors have turned to earlier iterations of the handbook to gain insight into issues such as how to allocate cyber-risk oversight responsibilities at the board level, the legal implications and considerations related to cybersecurity, how to set expectations with management about the organization’s cybersecurity processes, and ways to improve the dialogue between directors and management on cyber issues.

The digital version of the handbook is free of charge and will be available to US businesses through NACD, ISA and their partners, including the US Department of Homeland Security and the US Department of Justice

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Internet Security Alliance and National Association of Corporate Directors Release Guide for Cyber-Risk Oversight

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

Internet Security Alliance and National Association of Corporate Directors Release Guide for Cyber-Risk Oversight

Related Articles

The latest news and information

Content written for business-minded executives who manage enterprise risk and security