Questions for the Board to Ask Management about Cybersecurity
In brief: Produced with the NACD Director’s Handbook on Cyber-Risk Oversight, these questions are designed to guide directors as they work to strengthen oversight of their company’s cybersecurity. Questions are focused on the following areas of cybersecurity oversight: situational awareness, strategy and operations, insider threats, supply-chain and third-party risks, incident response, and post-cybersecurity incident review.
This resource can help your board:
- Improve cybersecurity-related communications from management.
- Assess the company’s vulnerabilities and strengthen its cybersecurity posture according to leading practices.
- Respond appropriately in the case of a cyber incident.
Most relevant audiences: risk committee members, audit committee members, and chief information security officers.