The Lockdown

Thycotic’s Cyber Security Blog

10 Questions the Board of Directors Should Ask About Cybersecurity

Written by Steve Kahan

June 7th, 2016

Corporate directors play an important role in ensuring their companies have sufficient policies and resources in place to address IT security and to respond in the event that the company suffers a cyber-attack. Boards of directors should demand appropriate and timely information to help them fulfill their oversight role in managing cyber risk.

Questions for Boards to consider:

1.) What are the company’s “crown jewels” (i.e., privileged account passwords), and are these effectively protected?

2.) Has the company effectively allocated resources based on its risk appetite and strategic assets?

3.) What technical capabilities does the company have in place to identify malicious events?

4.) How frequently does the board receive cyber security updates?

5.) What is the company’s response plan in the event of an attack?

6.) How often is the response plan tested?

7.) What relationships does the company have or need to develop with government and other organizations to respond effectively to a breach?

8.) What are the security technology roadmap and budget estimates to implement the IT security strategy?

9.) Has the company tested its response plan with a cybersecurity exercise?

10.) How has the company organized itself to approach cybersecurity? 

 
