Managing Cyberthreat

59 Pages. Posted: 6 Dec 2014. Last revised: 31 Jul 2018.

Lawrence J. Trautman

Western Carolina University - College of Business

Date Written: January 2, 2017

Abstract

Cyber security is an important strategic and governance issue. However, because most corporate CEOs and directors have no formal engineering or information technology training, it is understandable that their lack of actual cybersecurity knowledge is problematic. Particularly among smaller companies having limited resources, knowledge regarding what their enterprise should actually be doing about cybersecurity can’t be all that good.

My goal in this article is to explore the unusually complex subject of cybersecurity in a highly readable manner. First, an examination of recent threats is provided. Next, governmental policy initiatives are discussed. Third, some basic tools that can be used by boards and top management to improve the quality of discussions with their information technology executives are offered. It is likely that most top management and corporate directors have never heard of, let alone read: the SANS Critical Security Controls; OWASP Top Ten; CWE/SANS Top 25 Most Dangerous Software Errors; Presidential Executive Order 13636 (& Treasury Dept. Report); Quadrennial Homeland Security Review; or the NIST Framework. By offering suggestions about what top managers and boards can do to improve organizational cybersecurity awareness and readiness, this paper makes a worthwhile contribution to the literature of risk management and provides meaningful progress in strengthening the knowledge base and ability of top management and boards to govern enterprise cybersecurity.

Keywords: Audit Committee, Board Structure, Corporate Governance, Crime, Cyber, Data Breach, DHS, Directors, Enterprise Risk Management, Hackers, Incentives, Information Technology, Internal Controls, Market Failure, National Security, NCCIC, NIST, OWASP, SANS, Sarbanes-Oxley, SEC, Strategy, US-CERT

JEL Classification: C88, G18, G28, G34, H56, H82, K14, K22, K33, K40, K42, L20, L86, L98, M10, M13, N40

Suggested Citation

Trautman, Lawrence J., Managing Cyberthreat (January 2, 2017). Santa Clara Computer and High Technology Law Journal, Vol. 33(2) 230 (2017). Available at SSRN: https://ssrn.com/abstract=2534119 or http://dx.doi.org/10.2139/ssrn.2534119

Lawrence J. Trautman (Contact Author)

Western Carolina University - College of Business

204 Forsyth
Cullowhee, NC 28723
United States
828-227-2642 (Phone)
