Incident response starts with executive management

It’s easy to assume the roles and responsibilities of executive management from a traditional perspective. We know that solid mobilization of an entire organization depends on the vision and strategy put in place by the executive team. But it is equally important to understand that as cyberattacks and data breaches increase, executives have a growing responsibility to take an active role in mitigating risk within their organizations. This starts with identifying critical assets and the associated impacts of cyber threats; doing so is essential to understanding a company’s specific risk exposure – whether it be financial, competitive, reputational or regulatory.

Today I want to share four of the fundamental ways in which business-line managers and executive team members can help identify strategic risks, such as those to the supply chain created through third-party vendors or cyber interdependencies.

Provide oversight and review.

Executives are responsible for managing and overseeing enterprise risk management. Cyber oversight activities include the regular evaluation of cybersecurity budgets, IT acquisition plans, IT outsourcing, cloud services, incident reports, risk assessment results and top-level policies.

 
