The ISA’s cyber-risk handbooks (also available for US, UK, Japan and Latin America) are an attempt to provide Board members with a simple and coherent framework to understand cyber risk, as well as a series of straightforward questions for Boards to ask management to ensure that their organisation is properly addressing its unique cyber-risk posture.
The handbook (developed in partnership between ISA, Ecoda and AIG) will promote continued adoption of uniform cybersecurity principles for corporate Boards not only in Europe but across the globe. A summary of the 5 principles for managing cyber risk is below, along with key recommendations and links to practical toolkits.
Toolkit A for suggested questions to include in the Board Review & Self Assessment to help assess the Board’s level of understanding of cybersecurity issues or cyber literacy.
Toolkit B for a list of cybersecurity questions that directors can ask management on issues such as strategy, risk assessment, prevention measures, incident, incident response, and post-breach response and communication.
Toolkit C for related questions that directors can ask to promote optimal performance metrics and reporting.
Toolkit D for cybersecurity considerations related to mergers and acquisitions.
Toolkit E for references to international standards.
For more information about the handbook, please contact the Internet Security Alliance.