Upload
tripwire
View
346
Download
0
Tags:
Embed Size (px)
Citation preview
How to Improve Your Board’sCyber Security LiteracyMay 28, 2015
2
Today’s Presenters
Colin Anderson
VP of Infosec & CISO
Levi Strauss
Larry Clinton
President & CEO
ISA
Colleen Brown
Associate
Sidley Austin LLP
Dwayne Melancon
VP R&D & CTO
Tripwire
What should CISO’s know – and do -- to effectively interact with the board?
What are the main areas boards should be concerned about before a breach? After a breach?
For cyber security/cyber risk, where is the line between board and management responsibility?
If you don’t have a strong relationship with the board yet, where should you start?
7
Three Key Takeaways
Encourage boards to focus on risk, not security
Provide context and comparisons whenever possible
Develop key indicators/metrics that tell a story, are easy to understand and talk to business risk
Colin Anderson
VP of Infosec & CISO
Levi Strauss
8
Three Key Takeaways
Change how you think about cyber security
Change how you talk about cyber security
Use the NACD Handbook for reaching boards and sr. managers
Larry Clinton
President & CEO
ISA
9
Three Key Takeaways
Ensure you have a comprehensive data protection program
Ensure the board is engaged on cybersecurity and develop a record of that engagement
Consider putting resources in place in advance, including cyber-insurance and pre-engaging with third-party service providers
Colleen Brown
Associate
Sidley Austin LLP
10
Three Key Takeaways
Use the headlines as “teachable moments”
Before bringing topics to the board, ask “Is this appropriate for the board, or should it be management’s responsibility?”
Communicate in terms of impact to the business – for example, leverage annual reports, relate to key risks and objectives Dwayne Melancon
VP R&D & CTO
Tripwire
11
Tripwire Product PortfolioDetecting and Responding to indicators of breach, compromise, and vulnerability
12
Threat Intelligence
Tripwire Adaptive Threat Protection
Adaptive Threat
ProtectionEndpoint Intelligence
Vulnerability Intelligence
Threat Analytics
Forensics
Zero-Day Detection
Threat Response
Log & Event Intelligence
SUBTITLE STYLE
http://www.tripwire.com/cyberliteracy
tripwire.com | @TripwireInc
THANK YOU