Cyber Board Advisory Services
The governance landscape for cybersecurity risk management is changing rapidly, with new rules on cyber risk oversight expected from the SEC, New York Department of Financial Services, and likely many other regulators globally. The overarching focus of this regulatory shift is the expectation that Boards of Directors have cybersecurity expertise, that companies have empowered and independent cybersecurity executives, and that companies disclose far more details than previously required on cyber risk strategies, mitigation plans, and material incidents. The duty of care standards and expectations for executive cyber risk diligence are quickly being elevated.
OODA offers dedicated board cybersecurity services designed to help Directors understand and manage the complexities of cyber risk. Our advisory team is comprised of only senior executives who have deep domain expertise combined with executive management functions such as serving on Boards of Directors or managing cyber risk as CEOs, CTOs, and CISOs. We help bridge the gap between Boards and their internal security management teams.
Security Program Review
Our experts will evaluate the maturity of your cybersecurity program with a focus on elements that are critical for the Board management of risk, such as:
-
Is the organization exercising due care and within reasonable risk parameters?
-
Are there gaps between what the SEC requires and what the organization does?
-
Are any controls fundamentally missing or broken?
-
Is the program on par with peers and other relevant industry standards?
-
How do we know we have the right cybersecurity program and leadership?
-
How do we establish metrics for success, determine and manage security ROI, and ask questions of our cybersecurity executives that yield data that we can use to do our jobs?
Board Support Functions
On a one-time or retainer basis, our team can provide direct support to the Board on issues such as:
-
CISO selection criteria and consulting on optimal security organization structure and programmatic and risk reporting.
-
CISO validation services (e.g. have you hired the right person)
-
On-call crisis response and support. Reach out to get an immediate response to any questions or in support of a cybersecurity incident or crisis.
-
Assistance establishing and running a cybersecurity committee of the board, or equipping a standing committee (e.g., Risk, Audit, or Technology) to manage cyber and information risk more effectively.
-
Bespoke red teaming and exercises to test the security program against board expectations, and clarify respective roles and requirements among the Board, executive management and other stakeholders.
Board Education Services
Our expert team can train or brief your Board on key cybersecurity threats, risk management strategies, and other relevant considerations.
-
One-time or Quarterly Threat Briefings
-
Cyber risk management best practice strategies
-
Industry incident evaluations and associated lessons learned
-
Key questions to ask the CISO
-
Metrics the Board should be tracking to manage cyber risk
Board Placement Services
Drawing on our Expert Network comprised of hundreds of cyber risk experts and executives, our team can help place a dedicated cybersecurity Board member in your organization. Allocating a dedicated Board member is a reliable and diligent way to manage a Boards cyber risk oversight function with an expert who understands your business and also has the required expertise to evaluate and direct cyber risk management activities within the company. Our network consists exclusively of technical experts who have a demonstrated track record of communicating complex technical issues simply and in usable data to senior executives.
Engage our team to work with your Board of Directors
Useful References:
How to Manage Cyber Risk as a Board Director – OODAloop.com
Is Your Board Prepared for New Cybersecurity Regulations? – Harvard Business Review
Public Company Cybersecurity: Proposed Rules – Securities and Exchange Commission (SEC)
Here’s What Regulators Will Want Boards to Know About Cybersecurity – World Economic Forum
New York Proposes Bigger Cyber Role for Bank, Insurer Boards – Bloomberg Law article on NY DFS and NYCRR 50