Ferma and ECIIA have called for organisations to create dedicated internal cyber risk governance groups to address digital risks across the whole enterprise as the threats evolve.
Beyond the IT domain, cybersecurity is a matter of corporate governance. This aspect of cybersecurity, however, has not been fully addressed by European legislation. ECIIA and FERMA therefore set up a joint working group of risk managers and internal auditors to provide guidance on the governance of cyber risk.
This document contains recommendations for a cyber governance model that will benefit European organisations – public and private – in managing their exposures to cyber risks. The timing is particularly relevant. Currently it is the final year before the effective implementation of two major EU laws: the Network and Information Security (NIS) Directive and the General Data Protection Regulation (GDPR).
ECIIA and FERMA advocate that organisations establish a cyber risk governance system, supported by a cyber risk management framework. Such a system must go beyond the implementation of IT measures if organisations are to protect their assets efficiently and ensure their resilience and continuity. The model is anchored in two strong sets of principles: the eight principles set out in the OECD recommendation on Digital Security Risk Management (2015) and the Three Lines of Defence model, recognised as a standard of Enterprise Risk Management (ERM).
© ECIIA