Discussion Board Post – Approx. 200 words
(Assignment to be completed in the Discussion Board Section)
- Please watch this explanatory video (https://youtu.be/_uCmvfOhR_E) on how to present to the board from SANS institute (it is very good) and it provides you with ample information of what board members might expect. After seeing the video, please take a look at the DBIR report (attached) and focus on the sections pertaining to the retail industry.
- You work for a large retail company, and you have been asked to equip your CISO with ‘just the right amount and type of information’ to present to the board for 15 minutes only. Please match the retail issues seen on the DBIR report (https://www.verizon.com/business/resources/reports… ), against the practices recommended the SANS institute, and highlight the areas and topics that you would recommend in the presentation. What concerns do you have regarding the areas where you would not be able to talk about due to the lack of time? This is a very common scenario nowadays.
Discussion Board Comments – Approx. 100 words
Please comment on the forum posts of two peers
Essay – due on Sunday 11:59PM CST: Approx. 600 words, APA Style
Based on the articles and explanations given in this session:
Based on the materials provided this week, and any additional research:
- Imagine that Capital One has decided to change its board of directors (post COVID) and none of them are well versed in cybersecurity, yet, but they are very committed to learning. They had a painful breach recently and this is a reminder of the need to remain very vigilant (What the Capital One Hack Means for Boards of Directors: https://corpgov.law.harvard.edu/2019/08/17/what-the-capital-one-hack-means-for-boards-of-directors/)
- Examine the breach and explanations of what went wrong. What are the lessons learned here?
- Examine Deloitte’s recommendations on boards and cybersecurity: https://www2.deloitte.com/content/dam/Deloitte/in/Documents/risk/in-ra-changing-role-of-the-board-on-cybersecurity-noexp.pdf;
- Examine PWCs simplified version of what boards need to do to learn quickly: https://www.pwc.com/us/en/governance-insights-center/publications/assets/pwc-overseeing-cyber-risk-the-boards-role.pdf
- Examine HBR’s explanation of principles: https://corpgov.law.harvard.edu/2021/06/10/principles-for-board-governance-of-cyber-risk/
- Examine the view from the EU cyber risk managements (being that this is an international company) https://www.ferma.eu/app/uploads/2017/05/WEB-FERMA-Brochure2017-29-June.pdf
- Examine the perspective of what happens in many boardrooms still today (large organizations) Although this is from 2017, it is still very relevant today https://www.youtube.com/watch?v=K9o67m3B_Ec