Apple Shareholders Demand Security Risk Reports From the Board

Friday, October 19, 2012

Tripwire Inc

Bd07d58f0d31d48d3764821d109bf165

Article by Ken Westin

Apple shareholders recently made a request of Apple’s Board of Directors to provide a report regarding how Apple and its board oversees security and privacy risks. The request cites many of the recent privacy and security issues that have plagued Apple, making headlines and even leading to litigation. The issues include the those surrounding UDIDs and iCloud, which they fear could lead to slow growth of the company and negatively affect shareholder value.

The request cites Ponemon Institute reports that highlight the cost of data breaches to corporations and how data breaches negatively affect brand reputation, leading to a decline in sales. In addition, they cite Carnegie Mellon University Cylab’s 2012 Governance Study “How Boards & Senior Executives Are Managing Cyber Risks,”  listing recommendations for reviews and assessments of a company’s security posture, including the need for regular reports from senior management regarding privacy and security risks.

Tripwire and the the Ponemon Institute recently highlighted in their joint study “The State of Risk Based Security” the need for systematic techniques in the evaluation of  risks that impact an organization’s information assets and infrastructure. When we begin to see shareholders of a company like Apple with one of the highest market caps in technology demand security risk assessments from their boards, we understand why connecting security to the business is so critical.

The trick is how will security executives be able to communicate to the board and in turn the shareholders to put their minds at ease? With all of the variables involved in securing systems, servers, network devices, how can you easily quantify and measure the security risk of your organization? To borrow a phrase from Apple themselves: Tripwire has an app for that.

Cross-posted from Tripwire's State of Security

Possibly Related Articles:
9644
Enterprise Security
Information Security
Apple Privacy Risk Management Board of Directors
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.