Full title: Cyber-Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards
Publication date: 2020
Participating institution: NACD (National Association of Corporate Directors), Internet Security Alliance
Original excerpt: Foreword
Ensuring the cybersecurity resilience of the United States is truly a whole-of-society effort. We have seen cyber adversaries target electric utilities and financial institutions, cripple rural hospitals with ransomware attacks, attempt to undermine our democratic processes, and find points of technological leverage to steal massive amounts of intellectual property. The importance of cybersecurity for our nation’s national security, economic security and competitiveness, and public health and safety is fortunately well understood and documented at this juncture.
In response to the dramatic changes in the threat landscape, a welcomed and necessary shift has been the increased emphasis on cybersecurity as a strategic, enterprise-wide risk by senior leaders at organizations, going beyond the realm of IT functions. No longer can cybersecurity conversations be purely focused on IT controls, such as network defense. These technical capabilities must be coupled with robust risk-management practices—knowing your major risks, understanding the size of your attack surface, assessing the criticality of your digital infrastructure based on the type of business processes they support, conducting inventories of connected users and devices, and then using this awareness to harden systems and add resilience in a targeted and prioritized manner.