EDRM Blog

Cyber Fundamentals: Role of Top Management

Cyber Risk Management Chronicles: Episode 1


All organizations are at different stages of cybersecurity risk management program development. These stages range from one end of the spectrum, where cybersecurity is not a consideration at all, to the opposite end where the organization has a holistic and proactive cybersecurity approach.

Given that cybersecurity is an ongoing strategy and not a technology (nor a destination), there are several fundamental risk management components that every program, regardless of current stage, should embrace. 

Role of Senior Management: While it is the responsibility of the board to provide leadership and guidance for the enterprise-wide cybersecurity program, it will not succeed unless senior management takes a proactive stance in creating, maintaining, and governing the program. Without such support the implementation of even a well-envisioned program will fail. 

We live in the age of eternal breach – cyber and data privacy risks permeate our lives.

Dr. Jack Dever and James Dever, Lockhaven Solutions

It is most often the senior management of an organization that has a comprehensive and clear understanding of how the organization functions, including the intricacies of its culture and history, both positive and negative. This gives them unique insight, especially in a federated environment, into matters that are critical to a program’s success.

Senior management have knowledge of the relevant stakeholders, of critical data and systems, and of conflicting points of view relative to security issues, as well as an understanding of how best to operationalize a program in their unique environment.

Therefore, senior management are crucial to building an effective program that strikes the appropriate balance between risk and other potentially competing interests. This cooperation requires effort on all sides, including trust and close coordination between senior management, centralized “corporate” functions, and information security professionals.


Dr. Jack Dever & James Dever, Lockhaven Solutions

Dr. Jack Dever is CEO and Co-Founder of Lockhaven Solutions, a professional services company specializing in tailored, risk-based solutions for our digital world. Jack served as FBI Assistant General Counsel where he advised on global cyber operations against nation state actors and Tier 1 operations against terrorist organizations. He was an Assistant US Attorney for the Northern District of Illinois (Chicago) and served on active duty in the US Army as a Judge Advocate. He deployed multiple times to war zones and is a highly decorated combat Veteran. After leaving government service, but before founding Lockhaven, Jack was an Executive at General Electric where he served as Global Crisis Management Leader and developed the Business Intelligence Cyber Fraud Unit. He was also an Executive at several of the world’s largest banks including GE Capital, Wells Fargo, and UBS. He holds a doctorate in Cyber Law and is Co-Director at the Center for National Security and Human Rights Law in Chicago.

James Dever is Co-Founder and Principal of Lockhaven Solutions. James is a former US Air Force Professor of Cyber Warfare. In partnership with Air Force and NSA Cryptologic School colleagues, he designed and taught new graduate programs in Cyber Strategy for senior military officers and DoD civilians. He served on active duty in the US Army. He was the senior Cyber Warfare Judge Advocate at Army Cyber Command where he advised on global offensive, defensive, and DoD information network missions. He also served as Chair of the Law Department at the Army Intelligence School. Prior to military service, he was an attorney at Deloitte Cyber Risk where he facilitated enterprise cyber risk management for Fortune 100 companies and partnered with the National Institute of Standards and Technology (NIST) to develop the Trusted Identities in Cyberspace and Privacy Engineering programs. He is Co-Director of the Cyber Risk Management for Executives Program in Chicago and a member of the Board of Directors at the Journal of Law & Cyber Warfare.

