NACD and ISA Issue New Cyber-Risk Oversight Guidance for Corporate Directors

New insights and tools based on five principles to help boards enhance their oversight of cyber risk

Arlington, Virginia, UNITED STATES

WASHINGTON, Jan. 12, 2017 (GLOBE NEWSWIRE) -- In response to the increased focus on the board’s role in cybersecurity oversight, the National Association of Corporate Directors (NACD), the advocate for the profession of directorship, and the Internet Security Alliance (ISA) today announced the release of the 2017 edition of the NACD Director’s Handbook on Cyber-Risk Oversight (the Handbook).

Download a complimentary copy of the Handbook at

Cybersecurity is an enterprise-level risk that affects every organization, and significant knowledge and oversight gaps still exist at the boardroom level. The Handbook is built around five core principles designed to enhance the cyberliteracy and oversight capabilities of directors of organizations of all sizes and in all industries. The 2017 edition includes updated information on the threat environment, legal developments, and current statistics on board-level cybersecurity oversight practices, along with expanded tools for directors.

“In our most recent survey of corporate directors, almost 60 percent of respondents reported that they find it challenging to oversee cyber risk,” said Peter Gleason, NACD president and CEO-elect. “Directors don’t need to be technologists to play an effective role in cyber-risk oversight—but every board can take the opportunity to improve the effectiveness of their cyber-oversight practices. That’s what the new edition of the Handbook is designed to help boards do.”

Directors can leverage this resource in a number of ways:

  • Learn foundational principles for board-level cyber-risk oversight that have been vetted and praised by cybersecurity leaders in the public and private sectors.
  • Gain insight into issues such as how to allocate cyber-risk oversight responsibilities at the board level; the legal implications and considerations related to cybersecurity; how to set expectations with management about the organization’s cybersecurity processes; and ways to improve the dialogue between directors and management on cyber issues.
  • Use the tools in the nine appendices to improve and enhance boardroom practices.

“The cyber-threat picture continues to become more challenging with nation-state attacks against both public and private sectors,” said Larry Clinton, ISA CEO. “Industry needs to demonstrate leadership in promoting enhanced cyber defense. The efforts developed around the initial NACD and ISA collaborations have been shown to be effective but need continual development. This publication provides state-of-the-art expertise crafted in practical and usable form for boards of directors or government agencies.”

The Handbook is NACD’s most frequently downloaded publication and was the first nongovernment resource to be featured on the U.S. Department of Homeland Security’s US-CERT C3 Voluntary Program website.

Download the NACD Director’s Handbook on Cyber-Risk Oversight at

About NACD
The National Association of Corporate Directors (NACD) empowers more than 17,000 directors to lead with confidence in the boardroom. As the recognized authority on leading boardroom practices, NACD helps boards strengthen investor trust and public confidence by ensuring that today’s directors are well-prepared for tomorrow’s challenges. World-class boards join NACD to elevate performance, gain foresight, and instill confidence. Fostering collaboration among directors, investors, and corporate governance stakeholders, NACD has been setting the standard for responsible board leadership for 40 years. To learn more about NACD, visit To become an NACD member, please contact or 202-775-0509. If you are already a member, contact your NACD Membership Advisor at to ensure that you are receiving the best value from your membership.

About ISA
The Internet Security Alliance (ISA) is a trade association focused exclusively on cybersecurity. ISA works with organizations like NACD and the Center for Audit Quality to promote effective enterprise cybersecurity. ISA is also a prominent force on public policy. In 2011 the House Republican Cybersecurity Task Force embraced ISA’s “Cyber Security Social Contract.” In 2013 President Obama reversed his previous regulatory policy and also embraced the ISA’s market-based approach. ISA was the only trade group to brief the team at the Republican National Convention on cybersecurity in 2016. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA’s goals are to promote thought leadership, effective policy advocacy, and sound security practices.

