Corporations have become increasingly dependent on digital services and systems. Simultaneously, they face an increasing swarm of cyber threats. A well-designed cyber security solution can help shield a company’s operations and ensure that it will be able to utilise the benefits provided by digital technology in every domain of its business. The key mission of any corporate board is to promote the things that will be of benefit to the company. This is why its members must also possess an adequate level of understanding of the nature of cyber security and the associated risks to the company’s business.
The purpose of this guide
This guide will provide you with the tools that a company’s board of directors needs, as well as the necessary support for improving the cyber security of your organisation. This guide does not focus on any individual technological solutions as such; rather, it has been designed to help the members of the board ask the right key questions of the company’s heads and staff.
This guide is meant specifically for the board members of large and medium-sized organisations, but the people responsible for cyber security in a company of any size can also use it as an everyday cyber security tool. In practice, this guide can be useful to companies of all sizes and in every area of business.
The structure of this guide
This guide presents a general introduction to cyber security, and its individual chapters focus on various thematic aspects from the perspective of both the board and the organisation at large.
The parts of this guide:
- explain what cyber security is and why it should be taken seriously
- provide operating models that can be used by boards and organisations
- present the key questions that a board can review within its organisation.
Chapter 2 contains an introduction to cyber security and some examples of the most common types of threats. Chapter 3 provides guidance on how to assess your organisation’s current state. Chapters 4, 5 and 6 focus on risk management, understanding the threats that an organisation may face, and the responsibilities and processes used to promote cyber security. Chapters 7, 8 and 9 present the operating models that a board can use to promote the enforcement and development of cyber security within its organisation. Chapters 10 and 11 focus on collaboration and how one can plan for various crises.
The end of the guide includes appendices that describe the key legislative texts and official responsibilities related to cyber security. This guide has been prepared by the National Cyber Security Centre of the Finnish Transport and Communications Agency and the Digipool of the National Emergency Supply Agency. Anne Berner, Satu Koskinen, Harri Pynnä, Tuija Soanjärvi and Juhani Strömberg provided comments on the draft version of this guide. This guide is based on the Cyber Security Toolkit for Boards, which is published by the NCSC-UK.