Information Security - PowerPoint PPT Presentation

Provided by: securitya
Slides: 13

Transcript and Presenter's Notes

Slide 1
Information Security
  • What Directors Need to Know

Mark Hargreaves

Slide 2
Topics Covered
  • Directors' duties generally
  • Relevance to information security
  • Practical outcomes
Slide 3
Directors' Duties Generally
  • Who is a director?
  • Can include people in executive management roles
  • Companies Act 1993 is primary statute
  • A director of a company must act in good faith
    and in what the director believes to be the best
    interests of the company
  • A director must not
    • agree to the business of the company being
      carried on, or
    • cause or allow the business of the company to be
      carried on,
    in a manner likely to create a substantial risk
    of serious loss to the company's creditors

Slide 4
Directors' Duties Generally (cont)
  • A director must exercise the care, diligence
    and skill that a reasonable director would
    exercise in the same circumstances, taking into
    account
    • the nature of the company
    • the nature of the decision
    • the position of the director and the nature of
      the responsibilities undertaken by him or her
  • Directors can rely on reports, statements,
    financial data and other information supplied by
    employees, professional advisers, experts and
    other directors, but only where the director

Slide 5
Directors' Duties Generally (cont)
    • acts in good faith
    • makes proper enquiry where the need to do so is
      indicated by the circumstances
    • has no knowledge that his/her reliance is
      unwarranted
  • Boards can delegate powers but must
    • believe on reasonable grounds that the delegate
      will exercise the power in conformity with the
      duties imposed on the directors
    • monitor by proper means the exercise of the
      delegated power

Slide 6
Directors' Duties Generally (cont)
  • Duties imposed under a raft of other legislation,
    e.g.
    • Financial Reporting Act
    • Health and Safety in Employment Act
    • Employment Relations Act
    • Privacy Act
  • Obligations imposed on companies by contract
  • Commercial sensitivity generally
  • The question should NEVER be "what is the least
    that a director can get away with doing?"

Slide 7
Directors' Duties Generally (cont)
  • The question should ALWAYS be "what is in the
    best interests of the company?"
  • It should not just be the board that is asking
    this question. Sound management practice
    requires senior executives to be proactive in
    raising compliance issues with the board
  • Increasing emphasis on good corporate governance

Slide 8
Relevance to Information Security
  • Avoiding remediation costs
  • Avoiding business interruption
    • may be uninsured if a lack of monitoring/positive
      action has contributed to the loss
  • Loss of reputation
  • Loss of opportunity
  • Loss of commercially sensitive information
  • Damage to current/future shareholder value

Slide 9
Relevance to Information Security (cont)
  • Breach of contractual obligations to maintain
    confidentiality (can lead to contract termination
    and/or damages)
  • Personal liability for directors
  • Prosecution of company
  • Late identification of system defects can
    prejudice (legally and practically) ability to
    recover losses from system suppliers

Slide 10
Practical Outcomes
  • Need to be tailored to the size/type of business
  • Generally speaking, should always be an
    in-focus issue for the board
  • Delegation to a board sub-committee or to senior
    management is OK, but delegation must be
    reasonable/monitored
  • Get external, professional advice (establish
    relevant credentials first)
  • Establish a tailored best-practice benchmark
    (and review regularly, e.g. annually)

Slide 11
Practical Outcomes (cont)
  • Build a compliance programme to test conformity
    to the benchmark
    • Identify the risks
    • Measure the risk
    • Develop formal control systems through standards,
      guidelines, and procedures
    • Monitor (audit) the effectiveness of the
      programme on a regular basis
    • Implement the same through manuals, training, and
      reporting requirements
Slide 12
Practical Outcomes (cont)
  • Always keep a tight, written audit trail
    • Good discipline produces better results
    • Assists with cost/benefit analysis
    • CYA (board and management)
  • Include in job descriptions/KPIs for relevant
    senior management (CIO, CFO, CEO)
  • Have tight contracts with suppliers, with
    specific security requirements and clear
    consequences of failure to achieve these
  • Adopt the "constant vigilance" mantra: expect to
    spend (invest) money on this!