C-Board of Directors and Strategy Flashcards
Board of Directors
The board of directors in an organization is a body of people who oversee activities in an organization.
Technology risk committee
A committee of technically savvy (IT-literate) board members that exists in some organizations.
Executive Management
Executive management is responsible for carrying out directives issued by the board of directors.
Executive management in the context of security management
In the context of security management, this includes ensuring that sufficient resources are available for the organization to implement a security program and to develop and maintain the security controls that protect critical assets.
Chief Information Security Officer (CISO)
Responsible for all aspects of information security. This usually includes incident management, disaster recovery, vulnerability management, and compliance. The role is usually kept separate from IT.
To ensure the success of the organization’s information security program, in which three key areas should executive management be involved?
- Ratify corporate security policy: Security policies that are developed by the information security function should be visibly ratified or endorsed by executive management.
- Leadership by example: With regard to information security policy, executive management should lead by example and not exhibit behavior suggesting they are “above” security policy, or any other policy.
- Ultimate responsibility: Executives are ultimately responsible for all actions carried out by the personnel who report to them, including outsourced personnel.
Steering committee responsibilities
Consists of stakeholders from many departments, with responsibilities such as:
• Risk treatment deliberation and recommendation
• Discussion and coordination of IT and security projects
• Discussion of new laws, regulations, and requirements
• Review of recent security incidents
The responsibilities of business process and business asset owners include:
- Access grants
- Access revocation
- Access reviews
- Configuration
- Function definition
- Process definition
- Physical location
Asset custodians
Act as a proxy for asset owners, making access grants and other decisions on their behalf.
Business process and business asset owners
They might not be technology experts, but they are accountable for making business decisions that sometimes impact the use of information technology, the organization’s security posture, or both.
What defines the authorities and activities of the board of directors?
Constitution, bylaws, or external regulations.
To whom is the board of directors accountable?
The owners of the organization, or, in the case of a government body, the electorate.
What duties do board members have?
Fiduciary duties.
U.S. Sarbanes-Oxley Act
Requires the board of directors to form an audit committee.
What experience does the U.S. Sarbanes-Oxley Act require of the audit committee?
One or more audit committee members must have financial management experience.