The Security Team at the Top: The Board of Directors

Note: Presentation times are in Pacific Standard Time (PST).

Thursday, February 03, 2022 - 11:35 am12:05 pm

Anthony Vance, Virginia Tech

Abstract: 

There are many teams in security—blue teams, red teams, purple teams, etc. This talk is about the security team that few people think about but has the potential to be the most powerful and influential security team in the organization: the board of directors. Through in-depth interviews of board directors, CISOs, and senior-level consultants who advise boards on security, we illustrate challenges that boards face in providing meaningful oversight of security. We also show how CISOs are gaining strategic importance in supporting and advising the board. Finally, we describe ways that security practitioners can help boards realize their potential as the most powerful security team in the company.

Anthony Vance, Virginia Tech

Anthony Vance is a Professor and Commonwealth Cyber Initiative Fellow in the Department of Business Information Technology of the Pamplin College of Business at Virginia Tech. He earned Ph.D. degrees in Information Systems from Georgia State University, USA; the University of Paris—Dauphine, France; and the University of Oulu, Finland. Previous to his PhD studies, he worked as a cybersecurity consultant at Deloitte. His research focuses on how to help individuals and organizations improve their cybersecurity posture, particularly from behavioral, organizational, and neuroscience perspectives. His work is published in outlets such as MIS Quarterly, Information Systems Research, Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), Workshop on the Economics of Information Security (WEIS), the Symposium on Usable Privacy and Security (SOUPS), and other outlets. He currently is a senior editor at MIS Quarterly.
BibTeX
@conference {277400,
author = {Anthony Vance},
title = {The Security Team at the Top: The Board of Directors},
year = {2022},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = feb,
}