With a Scrum team dedicated to cyber security and a board that treated it differently than other business continuity issues, much could be done to secure data in the public and private sector. In the era of cyber security breaches that cost businesses and governments millions if not billions of dollars, a new way of governing for profit and non-profit boards is in order. This according to Ryn Melberg on her weekly podcast entitled The Guardian. The Guardian Podcast with Ryn Melberg can be heard on iTunes, Soundcloud, or www.rynmelberg.com.

Not Like Other Continuity Issues

Business has been treating cyber security the same way as any other business continuity issue. Re-routing calls in a call center when the power goes out is a very typical continuity issue. When the power goes off it is obvious to everyone, but with a cyber breach, it is not. Managing cyber security issues like this makes them more difficult to detect. “Whether with Target or even Ashley Madison, the hackers are inside the site and doing great harm long before anyone even knows they are there,” Melberg said. “Directors do not seem to grasp that these break-ins are different than other continuity events. That is why cyber security and governance need another strategy.”

No Days Off

Melberg says that tracking and managing cyber break-ins has to be a daily task for companies that are big enough to be vulnerable. “When the building is hit by lightning, it is hard to miss,” she said. “Hackers work hard to make sure that they go undetected for as long as possible. This is a huge issue that every board should be equipped to manage proactively.”

Audit Committee

Making cyber security part of the responsibility of the audit committee is one way to manage this issue, possibly even assigning a separate person or subcommittee to it.
“Early detection is the key to being more secure,” Melberg said. “When managing traditionally, it is not possible to know anything in advance.” Melberg compared this to trying to find a shoplifter inside a store. “If the shoplifter was inside the store and stealing for days, and then gone once you noticed something missing, there is not much good even the most well-intentioned security person to make a difference.”

The CIO As Board Member

Given that the CIO is responsible for all technology, he/she should be a member of the board. “The person closest to the problem is usually the one closest to the solution,” Melberg said. “As the CIO is in charge of all things technical and is going to get the blame for any break-ins anyway, he/she should be on the board and a member of the audit committee. They are the ones who will have to fix whatever is broken.” More people working on an issue does not always make it better. “You can have all kinds of federal agencies show up to work on a cyber breach, from the FBI to the NSA to Homeland Security,” Melberg said. “It will take longer to sort out jurisdiction than it would to start working on a breach.”

Scrum To The Rescue

One Scrum team dedicated to finding the potential for a break-in, and doing this every day, is probably the best way to prevent breaches. “What happens in a traditional setting, a team has to be formed before any actual work gets done,” Melberg said. “A half dozen people working on security and preventing cyber security breaches is a very small amount of money to spend compared to what a break-in will cost.”