NACD - National Association of Corporate Directors

It’s Time For Risk Intelligence

Instead of the tiresome debate over whether a CISO should report to the CEO, shouldn’t a better question be whether the CISO should be deterring threat or managing risk?

The new National Association of Corporate Directors’ cybersecurity handbook says cybersecurity is a risk management issue, not an IT matter. And I agree. Most of the top federal agency IT managers and cybersecurity officials have been echoing the advice in this handbook for months now. It would have been helpful if Equifax’s board had received an early copy.

To read the full article, visit Security Boulevard.