Summer Regulatory Summit eBook

10. Board Cybersecurity Training

o The Board of Directors should be trained at least annually on Information Security related topics.
o These topics should include phishing scams, social engineering threats, physical security, unauthorized access, and additional threats pertaining to everyday security of customer information at the Organization.
o Documentation of training should be maintained and reflected in the Board minutes.

RECOMMENDATION

© SBS CyberSecurity, LLC www.sbscyber.com
