Mathieu Gorge, a noted cybersecurity expert and founder of VigiTrust, has published a new book, The Cyber Elephant in the Boardroom, with ForbesBooks. Gorge brings a significant amount of experience and insight to the serious challenge of getting corporate boards of directors and C-level executives to make the right choices on cybersecurity risk management. Indeed, cyber threats and regulatory compliance challenges have become increasingly difficult to deal with, even as the penalties for making mistakes have risen astronomically.
Gorge has worked with many senior leadership teams and CXOs who have struggled to understand and respond to the new threat environment. In his experience, board members are willing and interested in doing the right thing. The problem is a lack of awareness of how things actually work, coupled with poor solution choices. As he points out in the book, many remedies for cyber risk and compliance take board directors down technological rabbit holes that leave everyone scratching their heads.
He offers an approach that enables decision makers to fully understand the components and philosophies that comprise a cybersecurity program. This is Gorge’s 5 Pillars of Security Framework™, a proven and industry-agnostic methodology that enables businesses of all sizes to map cybersecurity risks and implement a cybersecurity strategy. The Framework demonstrates cyber accountability to regulators, government bodies and law enforcement agencies.
As Gorge put it, “The Cyber Elephant in the Boardroom addresses the growing divide between what must be done and what boards are willing to do – and provides the real-world advice necessary to meet this challenge.”
To keep things simple and relatable, the 5 Pillars cover:
- Physical security
- People security
- Data security
- Infrastructure security
- Crisis management
With this understandable foundation, boards can then dive into the details needed to mitigate risks. The brilliance of this approach is its technically agnostic nature. It strips away vendor and industry jargon and paradigms. It’s not selling anything.
Other chapters cover a range of topics, including PCI DSS compliance, HR cybersecurity risk, and the intersection of cybersecurity and business digitization. Guest authors include: James Grundvig, author and tech journalist; Nina Shulepina, banking compliance professional and member of the VigiTrust Global Advisory Board; Cathy C. Smith, founder, Women in Tech NJ & NY; Marco Antonio Soriano, CIO, The Soriano Group & Family Office; Robert K. Gardner, president, New World Technology Partners; Nick Vigier, CXO advisor – cyberstrategy, Coalfire; Ed Adams, president and CEO, Security Innovation; Marie-Christine Vittet, VP of compliance, Accor; Cecile Martin and Thibaud Lauxerois, managing partner and attorney (respectively) of the Ogletree Deakins Paris office; and Alexander Abramov, board member and past president of the ISACA New York Metropolitan Chapter.