American University's Kogod School of Business is carving out its own niche in the cybersecurity space, launching the Kogod Cybersecurity Governance Center Thursday.
Cybersecurity is a growing industry, ripe with opportunities as the scope of cyber threats expand and the attacks become more sophisticated. But too often the industry travels from one high-profile attack to the next — be it Target or the U.S. Office of Personnel Management — without focusing on the discussions board rooms need to be having to confront these threats.
"Lots of people have focused lots of attention ... to 'protect and detect,' meaning, put up those firewalls, find out if anybody has gotten through etc., with the belief, years ago, you could actually protect yourself 100 percent," said William DeLone, who will be the executive director of the Kogod Cyber-security Governance Center. "What the focus needs to be in addition to 'protect and detect ... ' is 'response and recovery' and this becomes a management and governance issue, not just a technology issue."
Kogod's new cyber-security governance center is aimed at re-framing the discussion. Industry knows the dangers all too well. But it may not be aware of the potential legal costs that come with failing to ensure companies implement cyber-security policies should an attack happen.
On Sept. 22, it was announced that St. Louis-based investment firm R.T. Jones Capital Equities Management had to pay the U.S. Securities and Exchange Commission a $75,000 penalty for failing to implement written policies and procedures for ensuring security ahead of an attack that compromised more than 100,000 people's personal information.
This minor fine sent a big message: Cyber-security must be a priority of every major company handling personal information. If it isn't, these companies will be made to pay.
"If you can imagine, with all that's been going on, companies still do not have a cyber-security policy, do not have ... what's called a 'chief information security officer,'" DeLone said.
DeLone said the new center is likely the first of its kind. He said after exhaustive outreach and a search by MBA students looking for similar programs in academia, there were several programs in the technical space and just one in corporate governance — but enterprise risk management, not cyber risk management
Cybersecurity is a growing industry, ripe with opportunities as the scope of cyber threats expand and the attacks become more sophisticated. But too often the industry travels from one high-profile attack to the next — be it Target or the U.S. Office of Personnel Management — without focusing on the discussions board rooms need to be having to confront these threats.
 |
| The Kogod Cybersecurity Governance Center at American University opens. |
Kogod's new cyber-security governance center is aimed at re-framing the discussion. Industry knows the dangers all too well. But it may not be aware of the potential legal costs that come with failing to ensure companies implement cyber-security policies should an attack happen.
On Sept. 22, it was announced that St. Louis-based investment firm R.T. Jones Capital Equities Management had to pay the U.S. Securities and Exchange Commission a $75,000 penalty for failing to implement written policies and procedures for ensuring security ahead of an attack that compromised more than 100,000 people's personal information.
This minor fine sent a big message: Cyber-security must be a priority of every major company handling personal information. If it isn't, these companies will be made to pay.
"If you can imagine, with all that's been going on, companies still do not have a cyber-security policy, do not have ... what's called a 'chief information security officer,'" DeLone said.
DeLone said the new center is likely the first of its kind. He said after exhaustive outreach and a search by MBA students looking for similar programs in academia, there were several programs in the technical space and just one in corporate governance — but enterprise risk management, not cyber risk management
No comments:
Post a Comment