Top Cybersecurity Concerns for Every Board of Directors: Data Mapping and Encryption
This is the fourth of a four-part series of white papers authored by cybersecurity expert John Reed Stark. This series, published for the first time on Nasdaq's Governance Clearinghouse, outlines a strategic framework for boards of directors to effectively analyze and supervise corporate cybersecurity risks.
This final part of the series "Top Cybersecurity Concerns for Every Board of Directors" discusses the board's oversight responsibilities with respect to two of the largest enterprise undertakings in the field of cybersecurity: data mapping and encryption.
- Data Mapping: Every cyber-attack response begins with the forensic process of preserving any electronically stored information (ESI) that may be relevant to the cyber-attack. The most well-run companies establish sophisticated and intelligent data classification schemes to mitigate the costs and challenges of preserving ESI after an attack. Creating an accurate data map for a company is imperative: before a company can figure out how to protect its data, the company needs to know where that data is.
- Encryption: While encryption systems require constant maintenance and may complicate communication lines, encryption is typically a company's last line of defense against cyber-attacks. Target's hackers had access to everything, from the deli meat scales to the cash registers, because there were no controls such as encryption limiting access. Merely encrypting sensitive data is not enough; the type of encryption is of equal importance.
This four-part series of white papers covers the following cybersecurity topics:
Part I, Cybersecurity Governance: critical components related to the governance practices, policies and procedures of a strong cybersecurity program.
Part II, People: cybersecurity recruitment, training and retention as well as hiring outside firms for digital forensics and data breach response.
Part III, Technology: the technical systems that provide the foundation for cybersecurity infrastructure.
Part IV, Data Mapping and Encryption: an overview of the board's oversight responsibilities with respect to encryption and data mapping.
By using these white papers as a guide, boards of directors can not only become more preemptive in evaluating cybersecurity risk exposure but also successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management item.
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of "The Cybersecurity Due Diligence Handbook," available as an eBook on Amazon, iBooks and other booksellers.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.