Inside Internal Controls

News and discussion on implementing risk management

risk management policy

The board and cyber security

There’s another useful article on Forbes. “How to talk to the board about cybersecurity” is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:

 

People still don’t know how to assess cyber risk!

Why do the consultants keep advising management and the boards to consider cyber risk as if it is separate from all other business risks?

 

When a privacy policy is not enough!

Does your organization have an IT risk management program in place that draws upon various stakeholders to identify and prioritize privacy risks and related mitigations? Does your IT risk management program maintain appropriate records and provisions for access to information and privacy? And, have you implemented a privacy policy, only to find out that during internal audits there was a lack of compliance?

 
