Toolkit for Action

Structure oversight of ransomware preparedness and response, by focusing on risk governance, scenario planning, and decision-making under pressure.

Discover a path for effective incident response that strengthens organization resiliency that is based on four core pillars: governance, preparedness, response, and recovery.

Learn cybersecurity-related questions to consider in discussions within the board, with management, and with other interlocutors regarding emerging technologies and their role in the organization’s strategy.

Explore an overview of anticipated impacts and applications of quantum technologies, and collect suggested cybersecurity-related questions for board members to discuss with management as the technology matures and transitions into the marketplace.

Understand rapidly evolving AI types, capabilities, and questions to ask centered around AI oversight, regulation and risks and opportunities.

Obtain a structured approach to governance of cloud use, focusing on oversight of vendor selection, shared responsibility, and measurable risk management.

Understand the definition of insider threat, the categories of insider incidents, types of insider threat actors and the board’s responsibilities with specific actions they can perform to ensure executive management is adequately addressing insider threats.

Collect questions to ask to ensure that key components of third-party and supply chain risk management are being managed effectively.

Examine the cybersecurity risks that come about during a merger or acquisition transaction and the best practices for boards to use to conduct successful risk mitigation. 

Discover ways that boards can strengthen relationships with cyber-risk leaders to promote strategic integration, resiliency, transparency, accountability, and trust.

Examine the questions, categorized into five categories, that boards can ask to ensure that management is providing them with insightful and actionable cybersecurity metrics. 

Examine examples of foundational practices and metrics boards may leverage to determine the soundness of cyber-risk oversight during regularly scheduled cybersecurity briefings.

Consider these questions in preparing a proxy statement or other disclosures related to the board’s oversight of cybersecurity.

This boardroom tool provides practical, actionable steps to minimize directors’ personal risk exposure, reduce corporate risk exposure, and strengthen resilience against sophisticated cyber threats. 

This tool covers actions the Federal Bureau of Investigation (FBI) and US Department of Justice (DOJ) can take against cyber actors, and when and how to report a cyber incident.