Plaintext: Security Can't Ignore ESG
Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Europe is in the grips of an intense heat wave, as are various parts of the United States. Seems like the right time to talk about climate change and how infosec professionals should be thinking about ESG (environmental, social, and governance).
Security and ESG
Infosec leaders have a role to play in improving their companies' environmental, social, and governance (ESG) posture, writes AuditBoard's Richard Marcus. The fundamental principle behind ESG is assessing whether business partners are ethical and making a positive impact in the world. Security is necessary.
Companies want to do business with organizations that are either advancing the cause of security and privacy or are at least not doing harm. How transparent companies are before, during, and after a breach tells you a lot about their corporate character.
A data breach may be called a privacy responsibility or a security responsibility, but, at the end of the day, it’s a social responsibility. -Richard Marcus, AuditBoard
Environmental, sustainability, social, and governance issues are among the most visible and popular ways to evaluate business ethics today. Organizations have to create a culture of transparency and model what good governance looks like around identifying, drafting, reviewing, and approving disclosure material. [Read more: What Infosec Pros Can Teach the Organization About ESG]
Consider ESG in the Context of OT: Operational technology security leaders have to consider the potential legal consequences stemming from security issues in OT environments. Even a seemingly minor incident or vulnerability can be burdensome to manage. Even more worrisome is the risk to human safety, particularly in industries like energy and utilities, manufacturing, transportation, and mining.
Ultimately, OT risks directly influence environmental, social, and governance (ESG) matters. -Ben Miller, of Dragos.
Security and Climate Change
Consider this: Britain recorded its hottest day ever on July 20, with temperatures exceeding 40C (104F). The ACs in a Google Cloud data center in London were unable to keep up with the extreme heat, forcing the data center to power down and go offline for a short period.
Climate change is a generational risk with profound implications, one that can alter not just our physical world but our digital world, too, NinjaRMM CSO Lewis Huynh wrote for Dark Reading. Security teams have to consider the impact that the frequency, severity, and significance of climate change and extreme weather have on business networks and critical infrastructure. IT and cybersecurity teams should work with leaders across their organization to develop a robust business continuity and disaster recovery (BC/DR) plan that includes climate and extreme weather-related events. [Read more: Adapting to the Security Threat of Climate Change]
Headlines on Tap
Subscribe to get the latest headlines delivered to you each morning with Dark Reading Daily.
On That Note
Enjoy this gem from our July cartoon contest. The winner (selected by the most cunning caption) will win an Amazon gift card. Comment and show us your best puns and wordplay.
Senior Information Security Professional
2 years ago: It will not be far away in the future that Security will be added as a separate pillar.
Senior Technology Leader Focused on Strategic IT, Systems Architecture, & Cyber Security, Developing Detailed Solutions for Clients while Optimizing Business Growth
2 years ago: I agree, normal approach to continuity planning will not be enough. If companies have a few data centers and even if they are across the country, they may both still be impacted by weather at the same time. You need a contingency plan for your contingency plan
Supervisor at my own business
2 years ago: Wow big talk big words I simply them follow and you trip and fall on my shift