This new white paper from Foley provides a practical, easy-to-follow blueprint for directors and officers to tackle cybersecurity. Notably, the paper includes individual “bite-sized” checklists of important considerations covering each of the key elements of a compliance & risk management program. Here are the 10 key elements – each of which is capably addressed with a targeted checklist:

10 Key Elements of a Cybersecurity Risk Management Program

– Incident Management
– User Education and Awareness
– Managing User Privileges
– Home and Mobile Working
– Removable Media Controls
– Malware Protection
– Monitoring
– Secure Configuration
– Network Security
– Cybersecurity Insurance

The paper also includes an information security “policy library” that identifies the most critical policies (e.g., access control, BYOD (bring your own device)) companies should consider as part of their compliance program, and an appendix defining key security concepts.

Effective Use of Internal Audit in Cybersecurity

This new Compliance Week article discusses ways in which companies can tap their internal audit staff to assist with their cybersecurity program, including:

• Cybersecurity risk assessment
• Identification and inventory of the company’s most important data
• Vulnerability testing (to some extent – subject to avoiding independence impairment)
• Identification of potential consequences of vulnerabilities
• Validation of company’s response plan
• Monitoring and periodic testing of program effectiveness

While internal audit functions vary widely, if the company isn’t utilizing internal audit in its cybersecurity assessment and compliance efforts, it’s likely under-utilizing a key resource.   

Access heaps of helpful resources in our “Cybersecurity” and “Internal Audit” Practice Areas.

Our April Eminders is Posted!

We have posted the April issue of our complimentary monthly email newsletter. Sign up today to receive it by simply inputting your email address!

– by Randi Val Morrison