From Security Weekly Wiki
The CLTC and Booz Allen teamed up to create a report that explores considerations for effective oversight of cyber risk, focusing on board-level positions. The report suggests that the board needs to continuously ask four key questions:
1. What is our overall risk model for governing cybersecurity?
2. Where, how, and when do we access the expertise to understand the risks?
3. Is collaboration or competition our preferred approach with industry partners?
4. How do we share and exchange information on cyber with management and the CISO?
The report suggests that strategies for cybersecurity do not involve binary decisions but rather dynamic tensions that are always vacillating on their respective sliding scales.