Author Archives for Tom Ridge

Would Your Board Pass This Cyber-Risk Oversight Test?

“If you had to sign a cybersecurity certification similar to the financial reporting requirements for corporate officers under Sarbanes-Oxley (SOX) Section 302, could you do it?” As my firm counsels boards and C-suite executives on cyber risk, we often begin by framing our conversation with that provocative question. How directors answer will indicate how confident they are in the cybersecurity posture of their business. As an exercise, let’s review SOX Section 302. For the purposes of this discussion I have replaced the finance-related text with cybersecurity-specific language. These changes are bolded, and other elements that are critical SOX measures for...