Cybersecurity Training and Services for Boards

Click HERE to read our GRC Solution Assessment Report or call 303-887-5864

In this short video, cybersecurity professionals Mitch Tanenbaum and Ray Hutchins discuss their strategic approach to cybersecurity governance and risk management. They explain the critical role boards play in risk management and how board members (and top management) can reduce their personal risk exposure by being more informed on cybersecurity and privacy issues. They also explain why having them on your team is like having money in the bank.

"Members of boards have fiduciary responsibilities to be informed about cybersecurity and privacy risks facing companies that they serve. This requires training. Additionally, the SEC says cybersecurity experts should serve on the board.
We provide a full range of training and other support services for boards."

--Ray Hutchins, Managing Member, Huttan Holding, LLC

Training for Board Members Includes:

All boards have different interests and requirements for such training, therefore we tailor each program to your needs. Additionally, boards themselves have widely differing appetites for learning about risk management and cybersecurity.

The new U.S. National Cybersecurity Strategy and SEC regs are increasing the urgency of such training within boards.

Training is typically scheduled during normal board meetings. Each situation is different, but we typically recommend four training sessions over the course of four quarterly or monthly meetings. Each training session is a 1.5-hour, interactive (Zoom or equivalent) session with time for Q&A. Sessions are recorded for documentation and later training or review. The sessions typically generate many questions.

Trainings are performed by company partners Mitch Tanenbaum and Ray Hutchins, each of whom is eminently qualified to teach their fellow citizens how better to protect our nation's assets.

Over the course of the training, we'll typically cover:

  1. Risk management: Risk management strategies including risk assessment, risk mitigation, risk transfer, and risk acceptance.
  2. U.S. National Cybersecurity Strategy: This important new national strategy impacts many things that affect your company.
  3. Ransomware response strategy: Overview of the current threat landscape and the potential impact on the organization's operations, reputation, financial performance and company valuation.
  4. Threat landscape: Overview of the current threat landscape and the potential impact on the organization's operations, reputation, financial performance and company valuation.
  5. Regulatory landscape: Overview of the current threat landscape and the potential impact on the organization's operations, reputation, financial performance and company valuation.
  6. Risk appetite and tolerance: Has your company defined these, and are the company's risk management strategies aligned with these levels?
  7. Incident response: Board members should be familiar with the organization's incident response and/or emergency operations plans. This includes the key steps involved in incident response: detection, containment, investigation, and recovery. We'll also cover management's communications with the board during incidents.
  8. Third-party risk management: Risks associated with third-party vendors and service providers and how the organization manages these risks.
  9. Cybersecurity metrics and reporting: Introduction to the metrics associated with tracking cybersecurity and privacy risks and the effectiveness of risk management strategies. Boards must understand how to interpret these metrics and reports and how to use them to make informed decisions about cybersecurity and privacy risks.
  10. D&O and company cyber insurance: Coverage requirements and considerations.
  11. GRC solution review: Leveraging our latest position paper and assessment of forty GRC solutions, we discuss the features, limitations, and costs of such systems. We help board members and executives establish expectations for understanding and maximizing the value of such systems.

Benefits of Professional Board Training Include:
  • Demonstrates to employees, customers, vendors, investors, regulators, and insurers the leadership’s unequivocal commitment to responsible cybersecurity.
  • Takes the most important first step towards a sound and long-lasting cybersecurity governance posture.
  • Supports increased company valuation.
  • Enables a more favorable negotiation posture for D&O and other cyber insurance coverage, terms and rates.

NOTE: The Board of Directors has “risk oversight” responsibility and liability; the board does not itself manage cybersecurity risks or any other risks; instead the board manages corporate oversight of these matters.

We offer the following critical, confidential Board of Directors (BOD) cybersecurity and privacy services:

1. Direct membership on boards as cybersecurity, privacy, and risk management specialists
2. BOD training (see above)
3. Company risk management plan reviews
4. BOD D&O insurance policy reviews
5. Company cybersecurity policy reviews
6. Translation of management and IT reports to the BOD
7. Review of risk management mitigation activities
8. Expert witness services

Our BOD advisory and training services fully align with the U.S. National Cybersecurity Strategy, the NIST Cybersecurity and Privacy Frameworks, the DoD CMMC framework, and any other applicable compliance requirements.

NOTE: For purposes of any engagement, we recommend that we report directly to the board or appropriate board sub-committee and not the organization’s management. This helps the board meet their independent oversight requirements as mandated by the SEC, FTC, and other regulatory agencies.

Position Papers of Possible Interest

  • The Global Cyberwar and Societal Response
  • Caremark and More Propels New Board Risks