The National Cyber Security Centre (‘NCSC’) has updated its Cyber Security Toolkit for Boards. The Toolkit provides resources designed to encourage essential cyber security discussions between the Board and their technical experts.
The NCSC – which is a part of GCHQ – established a Board Toolkit with nine standalone modules to introduce key topics in cyber security. Each topic includes suggested questions, with possible answers, to ask within an organisation to open up discussions between the Board and staff. Originally published in 2019, the toolkit proved very popular with boards and it's their feedback, together with input from non-executive directors and the NCSC i100 industry team, that will ensure the toolkit remains up-to-date, relevant, and framed in language that boards are familiar with.
The toolkit helps boards ensure that cyber resilience and risk management are embedded throughout their organisations. It will help you to make informed cyber decisions that are aligned to your wider organisational risks, and ensure cyber security is assigned appropriate investment against other competing business demands.
As a board member, it is important to view cyber resilience strategically. Cyber security risk should have the same prominence as financial or legal risks in board discussions.
Crucially, cyber security is not just ‘good IT’; it underpins operational resilience and, when done well, enables your organisation's digital activity to flourish.
What is new?
In each of the sections within the Board Toolkit you will now find:
- bite-sized videos to provide boards with a quick overview of each module.
- essential activities that boards should expect to see in your organisation.
- indicators of success: a series of questions (with possible answers) that boards can use to help evaluate your organisation's performance; these are designed as a ‘starting point’ to encourage productive cyber security discussions between boards and key stakeholders (rather than a checklist that’s simply to be worked through).
Further new resources include:
- a sample script of questions to find out whether you (as a board member) have enough cyber security knowledge to ensure your organisation has the appropriate plans in place to mitigate threats.
- an ‘executive summary’ that summarises each section of the Board Toolkit.
- use cases that draw on real-life incidents to bring the guidance to life.
- a Board Toolkit podcast, with contributions from industry-leading voices, including the NCSC's former Chief Operating Officer Paul Maddison.
You can find out more about the Toolkit by following the link.