Designed specifically for board members, this session will explore the UK Cyber Governance Code of Practice, with a focus on the Code's 'Assurance and Oversight' principle: standardising reporting, requesting assurance, and promoting collaboration between business and technology teams.
The Corporate Governance Code of Practice (CGCP) was published by the UK Department for Science, Innovation and Technology this April, with the aim of supporting boards in governing cyber security risks. The Code sets out the most critical governance actions that directors are responsible for, and forms part of the government's free support package.
Topics covered will include:
- Tailoring an approach to cyber governance that is suitable for organisations with high supplier dependence.
- Applying the Three Lines of Defence model to establish cyber security accountability, and identifying the boundaries of the model for cyber.
- When to request a pen-test and when red-teaming might be the better choice.
- Considering when to request a cyber maturity assessment.
- Improving the collaboration between business and technology teams.
- How to interpret a SOC 2 report.
- Your board pack: Reports and metrics covering cyber resilience.