Boardroom Best Practices

Information Security Governance Best Practices

Data breaches will happen. It’s not a question of if, but when. Whether it’s criminals hacking Sony Pictures or attackers causing a massive data breach at Anthem Medical, all industries are vulnerable to a cyber attack. The impact is quite damaging: legal liabilities, brand reputation, customers and partners, and ultimately, revenue. The average cost of a breach is now up to $4 million, according to a 2016 Ponemon study.

Creating data privacy policy. Meanwhile, criminals develop new and sophisticated tactics to target valuable data.

Security is, and should be, a concern for all employees in an organization. However, leadership must be responsible for establishing and maintaining a framework for information security governance. Information security governance determines the success or failure of an enterprise security program.

Whether it is the board of directors, executive management or a steering committee, or all of these, information security governance requires strategic planning and decision-making.

Best Practices

Despite the threats of cyber attacks and data breaches, organizations can take proactive steps to better position themselves for successful security governance. The following are five best practices for information security governance:

1. Take a holistic approach

Security strategy is about aligning and connecting with business and IT objectives. A holistic approach can provide leadership with more levels of control and visibility.

What data needs to be protected? Where are the risks? Take a unified view of how information security impacts your organization and how employees view security. Get early buy-in from key stakeholders, such as those in the IT, sales, marketing, operations and legal departments. Scope out what data needs to be protected and how it fits into the larger picture.

2. Increase awareness and training

Although developed by leadership, information security governance. Governance creates policies and assigns accountabilities, but each member is responsible for following the security standards.

Constant training and education on security best practices is vital. The cyber threat landscape is about to change and employees, and company training, must keep up.

3. Monitor and measure

Information security governance should never be set up, but it should not be “What are the policies?

Conduct mock data breach scenarios to test the efficacy of corporate teams and company incident response plans. Test results can reveal strong and weak links.

4. Foster open communication

Stakeholders should feel free to contact them directly, even when sharing bad news. Open communication promotes trust and brings a higher level of visibility throughout the organization.

Engagement is key. Consider a steering committee of executive and key team leads (IT, marketing, finance, public relations, legal, operations, etc.) to review and assess current security risks.

5. Promote agility and adaptability

Gone are the days of monolithic, cumbersome governance; organizations need to adapt quickly to meet the changing tide of security threats. IT management, which is concerned with making tactical decisions on security risks, may have some hands-on experience and opinions on the effectiveness of a particular security policy, but their recommendations can only be made without C-suite support. Leadership must quickly determine how to implement proposed changes throughout the organization. And if a security governance policy is ineffective, leadership must be willing to jettison the policy.

Overall, successful information security governance involves a continuous process of learning, revising and adapting. Organizations need to be proactive and strategic with their security posture. Threats and incidents are inevitable, but moving strategic security to the forefront of your organization can help protect valuable information.

Download the full Diligent white paper: Five Best Practices for Information Security Governance
