Managing Cyberthreat

59 Pages Posted: 6 Dec 2014 Last revised: 31 Jul 2018

See all articles by Lawrence J. Trautman

Lawrence J. Trautman

Prairie View A&M University - College of Business; Texas A&M University School of Law (By Courtesy)

Date Written: January 2, 2017


Cyber security is an important strategic and governance issue. However, because most corporate CEOs and directors have no formal engineering or information technology training, it is understandable that their lack of actual cybersecurity knowledge is problematic. Particularly among smaller companies having limited resources, knowledge regarding what their enterprise should actually be doing about cybersecurity can’t be all that good.

My goal in this article is to explore the unusually complex subject of cybersecurity in a highly readable manner. First, an examination of recent threats is provided. Next, governmental policy initiatives are discussed. Third, some basic tools that can be used by boards and top management to improve the quality of discussions with their information technology executives are offered. It is likely that most top management and corporate directors have never heard of, let alone read: the SANS Critical Security Controls; OWASP Top Ten; CWE/SANS Top 25 Most Dangerous Software Errors; Presidential Executive Order 13636 (& Treasury Dept. Report); Quadrennial Homeland Security Review; or the NIST Framework. By offering suggestions about what top managers and boards can do to improve organizational cybersecurity awareness and readiness, this paper makes a worthwhile contribution to the literature of risk management and provides meaningful progress in strengthening the knowledge base and ability of top management and boards to govern enterprise cybersecurity.

Keywords: Audit Committee, Board Structure, Corporate Governance, Crime, Cyber, Data Breach, DHS, Directors, Enterprise Risk Management, Hackers, incentives, Information Technology, Internal Controls, Market Failure, National Security, NCCIC, NIST, OWASP; SANS, Sarbanes-Oxley, SEC, Strategy, US-CERT

JEL Classification: C88, G18, G28, G34, H56, H82, K14, K22, K33, K40, K42, L20, L86, L98, M10, M13, N40

Suggested Citation

Trautman, Lawrence J., Managing Cyberthreat (January 2, 2017). Santa Clara Computer and High Technology Law Journal, Vol. 33(2) 230 (2017), Available at SSRN: or

Lawrence J. Trautman (Contact Author)

Prairie View A&M University - College of Business ( email )

Prairie View, TX
United States

Texas A&M University School of Law (By Courtesy) ( email )

1515 Commerce St.
Fort Worth, TX Tarrant County 76102
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics