The ever increasing risks posed by cyber-attacks are very real and hitting both the private sector as well as the public sector. Many of our appointing authorities, directors and mangers do not realize the full scope of these risks. The attached white paper was produced for the private sector but the information and strategies are applicable to the public sector also. It is a high-level overview to assist in developing a strategic vision to address cyber risks in your organization. CORSA members have many resources to assist in developing both a strategic cyber plan as well as specific tactical procedures. Some of the resources CORSA offers include our Cyber Panel of experts from our membership, model cyber policies and best practice guidance, eRiskHub CORSA's on-line cyber risk control and breach assistance hub, on-going training opportunities and, of course, our cyber coverage in the event of a breach.
From the white paper:
"Based on existing regulatory guidance, expert analysis, and case law, in order to protect your officers and directors from risk and liability you should be asking the following critical questions: 1. How do cybersecurity issues affect officer and director fiduciary duties and potential liabilities? 2. What does your board need to know about the company's cybersecurity protocols and procedures? 3. Are your company's critical cyber assets identified and properly protected? 4. Has your board created cybersecurity committees and/or assigned clear roles and responsibilities within the organization for identifying, evaluating, and monitoring cybersecurity incidents? 5. What are your company's cyber incident response plans in the event of a cyber-attack? 6. Is the company properly managing third-party vendors who have access to their cyber environment? 7. Does the company's insurance cover a cyber event?" James Hale, ARM-P, ARM-E Risk Control Consultant County Risk Sharing Authority 209 East State Street Columbus, OH 43215 614.246.1630 FAX 614.220.0209