
2012.03.01

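It's the same in every country (^^) Most executives don't pay attention to cyber risks

Hello, this is Mitsuhiko Maruyama. It's the same in every country... Risks related to new technologies are often something that even executives with long management experience cannot really feel, so it may be difficult for them to identify, analyze, and evaluate those risks appropriately...
But that is not an acceptable excuse... In a joint-stock company, executives have a responsibility to the shareholders, and I think they also have a responsibility to the employees they employ...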

 
■Help Net Security
・2012.02.29 Most executives don't pay attention to cyber risks

=====
Recommendations for organizations to undertake key governance activities, such as:
• Establish the "tone from the top" for privacy and security through top-level policies.
• Review roles and responsibilities for privacy and security and ensure they are assigned to qualified full-time senior level professionals and that risk and accountability are shared throughout the organization.
• Ensure regular information flows to senior management and boards on privacy and security risks, including cyber incidents and breaches.
• Review annual IT budgets for privacy and security, separate from the CIO's budget.
• Conduct annual reviews of the enterprise security program and effectiveness of controls, review the findings, and ensure gaps and deficiencies are addressed.
• Evaluate the adequacy of cyber insurance coverage against the organization's risk profile.
=====
