Location

Hilton Hawaiian Village, Honolulu, Hawaii

Event Website

https://hicss.hawaii.edu/

Start Date

3-1-2024 12:00 AM

End Date

6-1-2024 12:00 AM

Description

Boards of Directors (BODs) have a unique role in managing cybersecurity: they provide oversight to operational and strategic decisions while executing a fiduciary responsibility to manage cyber-risk. Since organizations cannot count on 100% protection, BODs must ensure their organizations are cyber-resilient and can recover quickly from cyber incidents. But BOD reporting mechanisms are inadequate for this role. Most of the reporting to BODs is on operational metrics around protection, not cyber-resilience and the business at risk from a cyber incident. This paper suggests a balanced scorecard for cyber resilience (BSCR) for BODs. This theory-building research was informed by surveys and focus groups of cybersecurity leaders and board members. The BSCR gives business context-based insights and metrics on the biggest risks to cybersecurity resilience faced by their organization, and the investments their operational managers have made to mitigate the impact of these risks. Armed with the BSCR, BODs have the information they need for meaningful discussions and evaluation of their organization’s cyber-resiliency.

Jan 3rd, 12:00 AM Jan 6th, 12:00 AM

Board Level Balanced Scorecard for Cyber Resilience


https://aisel.aisnet.org/hicss-57/os/topics_in_os/5