Guidance for Company Directors
AICD Offers Cyber Guidance for Directors
Australian Institute of Company Directors (AICD) has released formal cyber security principles to guide company boards of directors on managing the “core risk” of cyber security.
As Medibank and Optus continue to navigate major data breaches, the Australian Institute of Company Directors (AICD) has released formal cyber security principles to guide company boards of directors, who are urged to improve how they manage the “core risk” of cyber security.
Produced through a collaboration between the AICD and Cyber Security Cooperative Research Centre (CSCRC), the newly released Cyber Security Governance Principles document establishes a framework to help directors manage cyber risk within their organisations.
This includes establishing roles and responsibilities around cyber security; developing and evolving cyber strategy; incorporating cyber risk into existing risk management strategies; building a resilient cyber culture across the organisation; and preparing for and responding to a significant cyber incident.
The five stages of the framework are:
1. Identify – Understand the organisation and its cyber security risks, including external threats, internal vulnerabilities and potential impacts.
2. Protect – Develop appropriate strategies to protect against identified risks, such as implementing technical controls, establishing policies and procedures, or engaging third-party providers.
3. Detect – Establish processes for monitoring the security posture of the organisation, both internally and externally, to identify incidents as soon as possible.
4. Respond – Have plans in place to respond quickly and effectively when incidents occur, including restoring operations and handling customer data responsibly.
5. Recover – Develop plans for post-incident recovery activities and review the cyber security measures in place to ensure appropriate lessons are learned and future incidents are prevented.
By following these five steps, directors can build a comprehensive and effective cyber security program tailored to their organisation’s needs. Organisations should recognise that cyber security is an ongoing process and review it regularly as threats evolve and new technologies emerge. The AICD Cyber Security Framework provides a structured way to ensure that directors are taking steps to protect their organisations from ever-evolving cyber threats.
The guidance also includes a five-step checklist of “practical low-cost steps” for directors of small businesses and not-for-profit organisations.
Reference: AICD Cyber Security Governance Principles