Board Imperatives on Digital Security – A Fresh Approach

Communication between organisations and their boards on Digital Security is difficult. Boards are often told ‘we are secure’, ‘you don’t have to worry’, or try and convert technical information to something the board understands. They are not often part of the narrative despite being totally responsible for the organisation’s security.

But what if a board is asked what is important to them? What should boards expect an organisation to have in place that can be questioned, approved and monitored in terms that are important to boards?

The ‘Six Imperatives on Digital Security for Boards’ and its integration with the operational framework has been developed to give boards confidence in satisfying its statutory responsibilities, and the management of the subject by the organisation.

Today’s approach to security is largely one of ‘Whack-a-mole’ (and cannot be avoided!), and while this is good for solving ongoing vulnerabilities and threats, it does not necessarily inform the board of an overarching view of security.

This presentation will explain the Imperatives (People, Availability, Survivability, Reputation, Compliance, Risk Assurance), and how they relate to the activities the organisation is doing and the base elements an organisation should have in place. It will also discuss how these imperatives can be used on an ongoing basis to monitor the security of the organisation.

Security should not be left up to IT. It is complex, multi-disciplined, multi-layered, broad, much of it is technical. The basis for security should be a detailed security profile, governance framework, security principles, security strategic plan and risk mitigation. These are somewhat different from other recommendations in the director space but practical and related to each organisation and drawn from real life security events. The approach is fresh, provocative, and thought provoking!