1st Edition

The Cybersecurity Handbook: A Guide for Board Members and C-Suite Executives

By Richard Gwashy Young, PhD
Copyright 2026
146 Pages 1 B/W Illustrations
by Productivity Press


The workplace landscape has evolved dramatically over the past few decades, and with this transformation comes an ever-present threat: cybersecurity risks. In a world where digital incidents can lead to not just monetary loss but also reputational damage and legal ramifications, corporate governance must adapt. "The Cybersecurity: A Handbook for Board Members and C-Suite Executives" seeks to...

Chapter 1: Background

· Background
· Roles of Boards of Directors in Cyber-Risk Oversight
· Cybersecurity Framework
· Required Structural Changes for Appropriate Cyber-Risk Oversight and Management
· The Internal Roles and Responsibilities of Boards of Directors
· The Preparedness of the Boards of Directors
· What the Board Needs to Know about Cybersecurity

Chapter 2: Roles of Board of Directors in Cyber Risk Oversight

· Fundamental Concepts of Cybersecurity
· Cyber-Attacks
· Web-Based Attacks
· System-Based Attacks
· The Main Layers of Cybersecurity
· Cybersecurity Vulnerabilities, Cyber Threats and Assets
· Importance of Effective Cyber-Risk Oversight
· Setting the Tone for Cybersecurity in an Organization
· Strong Focus of Institutional Investors on Cyber-Risk Management
· Corporate Culture and Risk Oversight
· Cyber-Risk Oversight Function and Fiduciary Duties of the Board of Directors

Chapter 3: Cybersecurity Framework

· Laws and Regulations of Risk Management
· Dodd-Frank Act
· Securities and Exchange Commission (SEC)
· Foreign Corrupt Practices Act (FCPA)
· Laws and Regulations on Cybersecurity
· Cybersecurity Governance, Risks, and Compliance
· Effective Approach to Establishing Cybersecurity Governance

Chapter 4: Required Structural Changes for Appropriate Cyber-Risk Oversight and Management

· Third-Party and Fourth-Party Guidance on Best Practices For Board Oversight Risk Management
· The Provision of Education on the Board’s Oversight of Risk Culture Expectations
· Execution of a Complete Risk Culture Gap Assessment in the Organization
· The Implementation of a Board and C-Suite Driven or Objective-Centric Approach to Internal Audit and Enterprise Risk Management
· Regulators Should Consider Safe Harbor Provisions for Board Risk Oversight

Chapter 5: The Internal Roles and Responsibilities of Boards of Directors

· The Chief Executive Officer should be Held Accountable for Building and Maintaining Effective Risk Appetite Frameworks and Providing the Board with Periodic Consolidated Reports on the Organization's Residual Risk Status
· Other Recommendations on Ways to Improve Risk Oversight
· Situating Risk Oversight Functions in an Organization
· Maintaining the Lines of Communication and Information Flow in the Organization
· The Periodic Review of Legal Compliance Programs
· Provision of Special Considerations to Cybersecurity Risks
· The Provision of Special Considerations to Address Environmental, Social, and Governance Risks
· Anticipation of Potential Risks

Questions the Board Should be Asking the C-Suite/CISO on Cyber Resiliency

References

Biography

Richard Young is a seasoned technology executive and academic leader with a distinguished career in the financial services industry. Based in New York City, he currently serves as a platforms engineering and technology risk executive at one of the top global financial institutions based on Wall Street, where he leads a team of technology and cyber risk software developers and risk managers. With extensive experience in the global financial sector, Richard is recognized for his expertise in cybersecurity, technology risk management, and regulatory compliance. In addition to his professional accomplishments, Rich is pursuing a doctoral degree in Educational Leadership, where he focuses on the intersection of technology and education. He is also an educator, teaching graduate courses on technology risk management and cybersecurity. Richard is deeply committed to fostering the next generation of technology leaders, particularly in underserved communities, and is in the process of establishing a Science, Technology, Engineering, and Mathematics (STEM) school for underprivileged youths, to be located in New York City and Johannesburg, South Africa.