For Boards and the C Suite

Board Governance

• Overcoming stubborn execs for security sake. CSO, January 7, 2016
• Cybersecurity and the Twenty-First Century Board of Directors. Huffington Post, December 31, 2015
• What The Boardroom Thinks About Data Breach Liability. Dark Reading, November 6, 2015
• What Cybersecurity Questions Are Boards Asking CISOs? Security Intelligence, October 23, 2015
• Why Corporate Boards Are Picking Women to Fill Cybersecurity Posts, Bloomberg Business, October 22, 2015
• How do you translate data security information to the board?, Information Age, October 22, 2015
• Do boards of directors actually care about cybersecurity?, CSO, September 1, 2015
• Cybersecurity on the agenda for 80 percent of corporate boards, CSO, May 28, 2015
• Boards Dissatisfied with Cyber, IT Risk Info Provided by Management, Security Week, January, 2, 2015
• Managing Cyber Risk: Job #1 for Directors and General Counsel, FTI Journal, July 2014
• The Board’s Role in Cybersecurity, Richard Clarke and Jacob Olcott, The Conference Board, March 2014
• Cybersecurity — A Board Primer, BDO Board Reflections, Winter 2014
• Cyber Risk and the Board of Directors—Closing the Gap, Michael Gold, Bloomberg Law, October 2013
• 2013 NACD Advisory Council on Risk Oversight Summary of Proceedings. NACD, May 2013
• CISOs Must Engage the Board About Information Security. CIO May 31, 2013
• Unbalanced alignment. Information security needs to become a board-level priority and its executives need to have a seat at the boardroom table. Ernst & Young 2012 Global Information Security Survey – Fighting to close the gap, October 2012
• Clueless’ boards risk lawsuits, threaten national security. Network World, May 23, 2012
• Boards Are Still Clueless About Cybersecurity. Forbes Magazine, May 16, 2012
• Governance of Enterprise Security – Carnegie Mellon University – CyLab Report, 2012

Citadel Cyber Security White Papers and Management Guides

• The Human Factor in Information Security – Kim Pease, Citadel Information Group & Michael Kemps, Innovative Computing Systems, Law Journal Newsletter, December 2016
• Effectively Managing Information Security Risk
• Success Strategy for Infosec Planning and Implementation
• Seven Requirements for Successfully Implementing Information Security Policies, 2012
• Beyond Awareness Training, It’s Time to Change the Culture
• Can You Prevent Hackers from Taking Over Websites – Web-Site Security Basics
• Memo: Mitigating the Risk of Disciplining IT Staff
• Protecting your Business from the Social Network Threat

Other Management Guidelines

• Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology (NIST), February 2014
• Cybersecurity Framework, General Information Page, NIST
• 10 Social Media Must Haves for Corporate Compliance and Ethics, Michelle Sherman, 2011
• US CERT Common Sense Guide to Prevention and Detection of Insider Threats (2005)
• Fraud Advisory for Businesses-Corporate Account Take Over, FS-ISAC, 101018
• ISSA Generally Accepted Information Security Practices (2004)
• ISACA Information Security Governance Guidance for Boards of Directors and Executive Management 2001
• Information Security Governance National Cybersecurity Partnership, 2004
• Information Security Governance, PPT-charts, National Cybersecurity Partnership, 2004
• NSA Defense In Depth
• Protecting Consumer Privacy in an Era of Rapid Change, FTC, 2012
• Securing Cyberspace Business Roundtables Framework for the Future, 2004
• NIST-7621 Small Business Information Security Fundamentals (2009)