Vulnerability Management

It is often challenging for even the most tech-savvy boards and company executives to keep up with the scope and pace of developments and risks related to big data, social media, cloud computing, IT implementations, cyber risk, and other technology matters. These developments carry a complex set of risks, and the most serious among them can compromise sensitive information and significantly disrupt business processes and the company’s reputation. Oversight of an Information Security Management System (ISMS) requires proactive engagement and is often the responsibility of the board. In some organisations, a level of oversight may be delegated to a board Information Technology and Systems (ITS) sub-committee. By engaging in regular dialogue with the CIO, CISO, and other technology-focused leaders, the ITS committee can help business leaders determine where attention should be focused. Although information security is frequently on the board’s agenda, ITS committees are increasingly looking for ways to confirm that the governance processes to manage information are appropriate for the company’s needs and working effectively.