NYSE
by Neil Ford

The New York Stock Exchange (NYSE) has released a 355-page guide to cybersecurity (Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers), written by more than 80 individual contributors representing organizations including Booz Allen Hamilton, Dell SecureWorks, Georgia Institute of Technology, the Internet Security Alliance, Rackspace Inc., the US Department of Justice Cybersecurity Unit, Visa, Wells Fargo, and the World Economic Forum.

This ‘definitive guide’ collects “the expertise and experience of CEOs, CIOs, lawyers, forensic experts, consultants, academia, and current and former government officials”, and “contains practical and expert advice on a range of cybersecurity issues including compliance and breach avoidance, prevention and response.”

“No issue today has created more concern within corporate C-suites and boardrooms than cybersecurity risk.”

Tom Farley, President, New York Stock Exchange

Among the report’s many opinions is one that we at IT Governance have maintained for a long time: the recommendation that organizations align their cybersecurity program with “at least one standard… so progress and maturity can be measured. In determining which standard to use as a corporate guidepost, organizations should consider the comprehensiveness of the standard. […] ISO/IEC 27001… is a comprehensive standard and a good choice for any size of organization because it is respected globally and is the one most commonly mapped against other standards.”

All NYSE-listed company board members will receive a copy of the guide; if you are yet to receive your copy, it can be downloaded here >>

For more information on ISO 27001 and how it can help your organization with a best-practice cybersecurity posture, click here >>

“This is not simply an IT issue. It is a business problem of the highest level.”

Charles W. Scharf, CEO, Visa Inc.

ISO 27001 information security management

An information security management system (ISMS), as described by ISO 27001, provides a risk-based approach to information security that enables organizations of all sizes, sectors, and locations to mitigate the risks they face with appropriate controls. An ISMS addresses people, processes, and technology, providing an enterprise-wide approach to protecting information – in whatever form it is held – based on the specific threats the organization actually faces, thereby limiting the inadvertent threats posed by untrained staff, inadequate procedures, out-of-date software solutions, and more.

Priced from only $659, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organizations, whatever their size, budget, or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organizations to implement an ISMS with the minimum of disruption and difficulty.