The Department of Homeland Security (DHS) endorsed Tuesday a cyber-risk oversight handbook for corporate boards of directors jointly published by AIG, the Internet Security Alliance (ISA) and the National Association of Corporate Directors (NACD). DHS is incorporating the handbook into its Critical Infrastructure Cyber Community (C3) Volunteer Program, the program the department is using to encourage use of the National Institute of Standards and Technology-facilitated Cybersecurity Framework, said DHS Assistant Secretary Andy Ozment, head of the National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications, during a news conference announcing DHS’s adoption of the handbook. DHS will also make the handbook available through the U.S. Computer Emergency Readiness Team’s website, said Ozment.

The handbook, originally released last month, says corporate boards of directors should handle cybersecurity using a set of five principles, including an understanding that cybersecurity is “an enterprise-wide management issue,” rather than just an IT issue. Boards also need to understand the legal implications of cyber risks and should have adequate access to cybersecurity expertise to evaluate policies, the handbook said. They should also expect management to create an enterprise-wide cyber risk framework that is adequately funded, and should identify which risks to “avoid, accept, mitigate or transfer through insurance,” the handbook said (http://bit.ly/1mbVuut).

Directors are “very much aware of cybersecurity,” but need guidance on how to confront it, said NACD President and CEO Ken Daly during the news conference. ISA President Larry Clinton said the handbook could help corporate boards and cybersecurity experts “connect the dots,” noting that both sides need to understand each other’s lexicons.