D&o Guide to Cyber Governance: Fiduciary Duties in the Digital Age

Directors and officers of organizations grapple with how to manage and govern cyber risks. From asking simple questions about whether their company has a mature cybersecurity program to fielding more complex queries about ransomware and cyber insurance, boards and executives should understand what cyber governance really means and how they should be exercising oversight of digital risks. This practical and timely guide will help directors and officers, and those who counsel them, understand how to appropriately govern cyber risks.

Written by leading expert Jody Westby, this resource provides the basic information directors and officers need to know to meet their fiduciary duties, exercise appropriate cyber governance, and protect their organization against shareholder derivative and securities lawsuits. Practical and user-friendly, this guidebook contains checklists, practice tips, charts, and resources to help you:

• Develop a governance framework in alignment with best practices and standards
• Understand the elements of a cybersecurity program
• Ensure privacy and security compliance requirements are met
• Manage a cybersecurity incident and make hard decisions
• Develop appropriate risk transfer and management strategies
• And more!

As an added bonus, the book includes a cyber governance checklist, a cyber lingo cheat sheet, and a list of abbreviations that serve as a guide and reference.

Global Cyber Risk’s (GCR) founder and CEO, Jody Westby, spent a decade in the IT industry before becoming an attorney and founding GCR. Ms. Westby is one of the few privacy and security professionals who understands how to integrate privacy and security compliance issues with security standards, infrastructure architecture, and technical solutions to protect digital assets. Ms. Westby is a professional blogger for Forbes. She serves as Adjunct Professor to Georgia Institute of Technology’s School of Computer Science. She was lead author on Carnegie Mellon’s Governing for Enterprise Security Implementation Guide, which was developed for boards and senior management. She is author of the 2008, 2010, 2012, and 2015 Governance of Cybersecurity survey reports published by Carnegie Mellon and Georgia Tech. Ms. Westby’s work on the governance responsibilities of boards and senior executives for the security of their organizations’ systems and data has been featured by the CISO Executive Network, Bloomberg BNA, and other major media. She also publishes a regular column on cybersecurity issues in Leader’s Edge magazine, published by the Council of Insurance Agents and Brokers (CIAB). Under Ms. Westby’s leadership, Global Cyber Risk LLC has developed a reputation for its f irst- tier advisory and technical services. Drawing upon a unique combination of more than thirty years of technical, legal, policy, and business experience, Ms. Westby has developed proprietary methodologies for cyber risk assessments, incident response planning, cyber governance, and digital inventories and data mapping. GCR’s clients include large, mid- sized, and small businesses, non- profit organizations, and governments. Prior to founding GCR, Ms. Westby served as senior managing director for PricewaterhouseCoopers (PwC) where she was responsible for information security, privacy, information sharing, and critical infrastructure protection issues across the federal government. She also was co- lead in launching the firm’s outsourcing practice. Before joining PwC, Ms. Westby founded the Work- IT Group LLC and specialized in serving government and private sector clients on legal and regulatory issues associated with information technology and online business. Working with The World Bank and USAID, Ms. Westby has advised government officials and industry in Bulgaria, Croatia, Macedonia, Romania, Armenia, Serbia, Russia, Vietnam, Bangladesh, Trinidad, 167168 D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age Dominica, St. Lucia, Grenada, South Africa, Mexico, and India on the development of their legal frameworks for e- commerce, security, and privacy. Previously, Ms. Westby was Director of Domestic Policy for the U.S. Chamber of Commerce, where she was responsible for a wide range of business policy issues under her purview. Her department was responsible for influencing national policy in both the legislative and regulatory arenas in each of these areas. Ms. Westby organized and managed national coalitions and supervised U.S. Chamber involvement in thirty- three industry coalitions. Ms. Westby also: - Launched In- Q- Tel, an IT solutions/venture capital company founded by the CIA to address the intelligence community’s most pressing technology problems and served as its Chief Administrative Officer and Counsel - Served as Senior Fellow & Director of IT Studies for the Progress & Freedom Foundation - Practiced law with the New York firms of Shearman & Sterling and Paul, Weiss, Rifkind, Wharton & Garrison. Ms. Westby is a member of the bars of the District of Columbia, Colorado, and Pennsylvania, and the American Bar Association (ABA). She is chair of the ABA’s Privacy and Computer Crime Committee (Section of Science & Technology Law) and serves as co- chair of the ABA Cybercrime Committee (Section on Criminal Justice). She has served four terms on the ABA President’s Cybersecurity Legal Task Force. Ms. Westby was chair, co- author, and editor of the International Guide to Combating Cybercrime, International Guide to Cyber Security, International Guide to Privacy, and Roadmap to an Enterprise Security Program (endorsed by the Global CSO Council), published by ABA Publishing. She is author of the Legal Guide to Cybersecurity Research and the Legal Guide to Botnet Research, also published by ABA Publishing. She represented the ABA on the National Conference of Lawyers and Scientists from 2004-2010. From 2010-2012, Ms. Westby served as co- chair of the World Federation of Scientists’ Permanent Monitoring Panel on Information Security and represented WFS in UN meetings. She was appointed to the United Nations’ ITU High Level Experts Group on Cyber Security and chaired the development of the ITU Toolkit for Cybercrime Legislation (later changed to the ABA Toolkit for Cybercrime Legislation). She was co- author and editor of the United Nations’ ITU 2010 publication, The Quest for Cyber Peace, published in six languages. Ms. Westby has also served on the advisory board of The Intellectual Property Counselor and BNA’s Privacy and Security Law Report. Ms. Westby has authored numerous articles and papers and has been quoted in publications such as the Financial Times, International Herald Tribune, USA Today, and Washington Post, and leading trade journals. She speaks globally on topics pertaining to 169 About the Author her areas of expertise and regularly appears as a television commentator on cybersecurity issues. She was elected to join the American Bar Foundation in 2007 and the Cosmos Club in 2010. She received her B.A., summa cum laude, from the University of Tulsa, and a J.D., magna cum laude, from Georgetown University Law Center. She is a member of the Order of the Coif.