board of directors' responsibility

  • 14 February 2023

  1. The board of directors has a fiduciary duty to ensure that the company and management have implemented adequate controls to mitigate risk to the organisation's business operations and response to cybersecurity incidents.
  2. On a regular basis, the board should receive reports on cybersecurity activities and the risk associated with them, metrics on IT performance, and efforts taken by management to monitor and mitigate risk.
  3. The board should assess the adequacy of the resources devoted to policies addressing cybersecurity, the support required, and the sufficiency of controls in place regarding protection of data, compliance and education efforts.
  4. It should also review the measures taken by management to prevent cyber risk.

The ISO 27000 series is the main standard used in organisations, and the standard ISO/IEC 27014:2020 addresses the governance of information security and sets out the responsibilities of the board in four governance processes: evaluate, direct, monitor and communicate.

1 reply


Another great question, @terryr! Outsourcing this one for one of our experts. Stay tuned. 😉 
