Cyber Risk Oversight for Higher Education Boards
Key Principles and Practical Guidance for Foundation and Institution Board Members
By AGB in partnership with ISA and AIG
(Member Price $32.00)

Every year, more news outlets report cybersecurity breaches—and higher education is not immune from these sinister trends. Cyberattacks on colleges, universities, and foundations have become more frequent, more sophisticated, and more dangerous. Successful cyberattacks can compromise an institution’s reputation, result in substantial financial payouts, undermine its credit status, and foment legal challenges—to say nothing of impeding an institution’s fundamental capacities for teaching, learning, and research. Given the seriousness of these potential harms, governing boards must recognize that cyber risks are enterprise-level risks, not simply an IT issue.
AGB believes strongly that ensuring cybersecurity in colleges and universities requires a strong, concerted, enterprise-wide risk management strategy at each institution. Governing boards need to continuously assess their effectiveness in addressing cyber risks, in terms of both their own fiduciary responsibility and their oversight of the administration’s activities. To that end, this handbook frames five principles that governing boards need to understand in order to adequately and successfully oversee their institution’s cybersecurity. Cyber Risk Oversight for Higher Education Boards explores these five principles and includes a toolkit to facilitate robust board conversations and strategic decisions about managing cyber risk.
This resource, the first of its kind for higher education, builds on a highly respected manual developed by the Internet Security Alliance (ISA) for corporate directors. It reflects the unique needs of higher education, informed by insights from board members and higher education cyber risk professionals.
- Acknowledgments
- Foreword by Henry Stoever
- Executive Summary
- Principle 1: Cybersecurity as a Strategic Risk
- Principle 2: Legal and Compliance Implications
- Principle 3: Board Oversight Structure and Access to Expertise
- Principle 4: An Enterprise Framework for Managing Cyber Risk
- Principle 5: Cybersecurity Measurement and Reporting
- Conclusion
Road Map for the Cyber Risk Oversight Toolkit
- Tool A: 10 Questions for a Board Member to Ask About Cybersecurity
- Tool B: Assessing the Board’s Cyber Risk Oversight Effectiveness
- Tool C: The Cyber-Insider Threat—A Real and Ever-Present Danger
- Tool D: Managing Third-Party Cybersecurity Risks
- Tool E: Incident Response
- Tool F: Board-Level Cybersecurity Metrics
- Tool G: Cybersecurity Considerations During Merger and Affiliation Phases
- Tool H: Sample Dashboards
- Tool I: Building a Relationship with the CISO
- Tool J: Personal Cybersecurity for Board Members
- Tool K: U.S. Department of Homeland Security Cybersecurity Resources
- Tool L: U.S. Department of Justice and Federal Bureau of Investigation—Responding to a Cyber Incident
Title Information
- A bulk discount is available for orders of 10 or more copies
- Publication Year: 2021
- ISBN: 978-1-951635-15-2
- 130 pages