International news from the Korean Bar Association.
Author | International Team | Views | 2240 | Date | 2023-08-04 5:21:00 PM |
---|---|---|---|---|---|
Title | [IBA Report] Best Governance Practices for Cybersecurity Protection for Senior Managers and Boards of Directors |
Introduction: This guide presents insights and actionable steps for senior managers and boards of directors to protect their organizations against cyber-attacks. The report, titled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," is a first-of-its-kind global perspective on key governance practices. It draws from ten jurisdictions and offers comparative analysis with international case studies.

1. Understanding the Cyber Risk Profile:
- Companies must thoroughly understand their organization's cyber risk profile.
- Identify potential vulnerabilities and weaknesses that cyber attackers could exploit.
- Regularly assess and update the cyber risk profile to stay proactive in mitigating threats.

2. Cybersecurity Expertise:
- Ensure the board and management have sufficient cybersecurity expertise.
- Appoint or engage cybersecurity experts to advise on best practices and risk management.
- Stay updated with the latest trends and developments in cybersecurity.

3. Reporting Lines for Cyber Risks:
- Establish appropriate reporting lines so that cyber risks are promptly raised to leadership.
- Encourage open communication between IT teams, security personnel, and management.
- Ensure that the board is kept informed of cybersecurity incidents and response measures.

4. Adequate Investment in Cybersecurity:
- Allocate sufficient funds to meet cybersecurity goals and enhance cyber resilience.
- Understand that investing in cybersecurity is an essential aspect of protecting the organization.
- Regularly review and update the budget based on the evolving threat landscape.

5. Cyber Incident Response Plans:
- Review, understand, and test the organization's cyber incident response plans.
- Regularly conduct mock drills to assess the effectiveness of the response plans.
- Make necessary adjustments to improve the organization's ability to handle cyber incidents.

6. Role of Senior Management:
- Senior management plays a crucial role in day-to-day operations and cybersecurity governance.
- They must map cybersecurity risks, identify high-priority concerns, and make informed decisions.
- They are responsible for ensuring internal compliance and suggesting timely analysis/assessments and updates.

7. Bridging Knowledge Gaps:
- Set guidelines and standards beyond national legislation to bridge existing knowledge gaps.
- Acknowledge shared accountability between senior management and boards for cybersecurity.
- Promote cross-functional collaboration to enhance cybersecurity practices.

8. Top-Down Approach:
- Ensure the board has a thorough understanding of financial and legal risks related to cybersecurity.
- Emphasize a top-down approach to cybersecurity prioritization.
- Implement recently enacted legislation that holds boards accountable for cybersecurity oversight.