Reference Library - Advanced Search
  Top Cybersecurity Concerns for Every Board of Directors: Cybersecurity Governance
Identification Number 1284
Publication Date: November 18, 2016

Cybersecurity expert John Reed Stark has authored a four-part series of white papers outlining a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

In the aftermath of a corporate cyber-attack, boards and the companies they govern are subjected to immediate public scrutiny and, in many cases, unwarranted criticism. This new cyber-reality has essentially removed the distinction between board member and IT executive, with cybersecurity emerging as a key corporate risk area.

For corporations, this is the dawning of a new era of data breach and incident response, where trying to avert a cyber-attack is like trying to prevent a kindergartener from catching a cold during the school year.

But cybersecurity engagement for members of the board of directors does not mean that members should obtain computer science degrees or personally supervise firewall implementation and intrusion detection system rollouts. Instead, a board's oversight responsibilities should focus on the critical components relating to the governance practices, policies and procedures of a strong cybersecurity program, which are detailed in the attached white paper and include:
  • Elements of a cybersecurity incident response plan
  • Evaluating the business continuity plan in the context of cyber attacks
  • IT security budgeting
  • Cybersecurity table top drills
  • Data security measures for cloud-based services.
The remaining papers in this series will broadly cover the following topics:
  • People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.
  • Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
  • Data Mapping and Encryption: the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.
By using these white papers as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but also elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's White Paper on Cybersecurity Governance >>

***
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
Publication Date*: 11/18/2016. Identification Number: 1284
  Top Cybersecurity Concerns for Every Board of Directors: People
Identification Number 1301
Publication Date: January 4, 2017

This is the second of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse -- outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

Companies can invest heavily in top-of-the-line security software and state-of-the-art systems, but without the proper approach toward their IT employees, those efforts will be for naught. This article focuses on a board's cybersecurity oversight pertaining to a company's most important cybersecurity resource (and threat): its employees.

Given the tumultuous risk associated with cyber-attacks, boards of directors and C-suite executives must address cybersecurity not as an IT issue, but rather as an issue of governance. Boards and C-suite executives should establish a cross-organizational team that regularly convenes to discuss, coordinate and communicate cybersecurity issues and is supported by outside cybersecurity response firms and law enforcement agencies.

This paper provides an overview of cybersecurity governance areas that involve people, including:
  • Cybersecurity recruitment and retention
  • Top-down commitment to cybersecurity
  • Employee cybersecurity training programs
  • Digital forensics/data breach response firms
  • Law firms specializing in data breach response
  • Pre-breach law enforcement liaisons
The first paper in this series provided an overview of the critical components related to the governance practices, policies and procedures of a strong cybersecurity program. The remaining papers in this series will broadly cover the following topics:
  • Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
  • Data Mapping and Encryption: the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.
By using these white papers as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but also elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's White Paper on Top Cyber Security Concerns for Every Board of Directors: People >>

Read John Reed Stark's White Paper on Cybersecurity Governance >>

Publication Date*: 1/4/2017. Identification Number: 1301
  Top Cybersecurity Concerns for Every Board of Directors: Technology
Identification Number 1345
Publication Date: March 29, 2017

This is the third of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse -- outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

The technical systems in place at any company provide the foundation for cybersecurity infrastructure and should be one of the primary focuses of any board of directors. Top Cybersecurity Concerns for Every Board of Directors: Technology outlines the various technological system classifications involved in an effective cybersecurity program.

The data points covered in the attached white paper are organized into broad categories helpful for shaping analysis and scrutiny and include:
  • Evaluating logging capabilities
  • Vetting penetration tests and testing consultants
  • Adopting data loss protection (DLP) systems
  • Patching and updating software
  • Installing endpoint detection and response (EDR) tools
  • Assessing physical security of facilities
This four-part series of white papers covers the following cybersecurity topics:

Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure.

Part IV, Data Mapping and Encryption (Coming in May): the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: encryption and data mapping.

By using these white papers as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but also elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's Latest White Paper on Cybersecurity Technology >>

Publication Date*: 3/29/2017. Identification Number: 1345
  Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption
Identification Number 1375
Publication Date: May 17, 2017

This is the fourth of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series -- published for the first time on Nasdaq's Governance Clearinghouse -- outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.

This final part of the series Top Cybersecurity Concerns for Every Board of Directors discusses the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: data mapping and encryption.

  • Data Mapping: Every cyber-attack response begins with the forensic process of preserving any electronically stored information (ESI) that may be relevant to the cyber-attack. The most well-run companies establish sophisticated and intelligent data classification schemes to mitigate the costs and challenges of preserving ESI after an attack. Creating an accurate data map for a company is imperative: before a company can figure out how to protect its data, the company needs to know where that data is.

  • Encryption: While encryption systems require constant maintenance, and may complicate communications lines, encryption is typically a company's last line of defense from cyber-attacks. Target's hackers had access to everything, from the deli meat scales to the cash registers, because there were no controls such as encryption limiting access. Merely encrypting sensitive data is not enough—the type of encryption is of equal importance.
This four-part series of white papers covers the following cybersecurity topics:

Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.

Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.

Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure. 

Part IV, Data Mapping and Encryption: an overview of the board's oversight responsibilities with respect to encryption and data mapping.

By using these white papers as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but also elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.

Read John Reed Stark's Latest White Paper on Data Mapping and Encryption >>

Publication Date*: 5/17/2017. Identification Number: 1375
*The Publication Date reflects the date of first inclusion in the Reference Library, which was launched on July 31, 2012, or a subsequent update to the material. Material may have been previously available on a different Nasdaq web site.