Cybersecurity Needs Board-Level Oversight, ISA Blogs
Cybersecurity needs board oversight and isn't just an IT issue, "it’s an enterprise wide risk management issue," blogged Internet Security Alliance Senior Director Stacey Barrack. "Most corporate boards are comprised of 'digital immigrants'" who "need to learn how to understand cyber-risk," she wrote Friday. Such risk management takes "strategic thinking" that doesn't treat information security as a "siloed" issue, Barrack wrote. She noted, as did another expert in a blog Thursday (see 1706010018), that "several significant cyberbreaches did not actually start within the target’s IT systems, but rather from vulnerabilities in one of its vendors or suppliers."