
2012.03.01

It's the same in every country (^^) Most executives don't pay attention to cyber risks

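Hello, this is Mitsuhiko Maruyama. It's the same in every country... When it comes to risks related to new technologies, even executives with long management experience often cannot get a real feel for them, so it may be difficult for them to properly identify, analyze, and evaluate those risks...
But that is no excuse... In a stock corporation, executives have a responsibility to the shareholders, and I think they also have a responsibility to the employees they employ...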

 
■Help Net Security
・2012.02.29 Most executives don't pay attention to cyber risks

=====
Recommendations for organizations to undertake key governance activities, such as:
• Establish the "tone from the top" for privacy and security through top-level policies.
• Review roles and responsibilities for privacy and security and ensure they are assigned to qualified full-time senior level professionals and that risk and accountability are shared throughout the organization.
• Ensure regular information flows to senior management and boards on privacy and security risks, including cyber incidents and breaches.
• Review annual IT budgets for privacy and security, separate from the CIO's budget.
• Conduct annual reviews of the enterprise security program and effectiveness of controls, review the findings, and ensure gaps and deficiencies are addressed.
• Evaluate the adequacy of cyber insurance coverage against the organization's risk profile.
=====
