As the highest level of your organization’s leadership, the board assumes ultimate accountability for governing cyber risk and therefore must oversee the organization’s strategy, policies, and activities in this area. Specifically, the board should:
The board’s effective cyber risk oversight depends on members’ command of the subject and up to date information.
Alongside senior management, the board must set and exemplify your organization’s core values, risk culture, and expectations with regard to cyber resilience.
Confirm that you can affirmatively answer the following questions: