ISSA schedules board audit webinar

Board governance is usually where cybersecurity gets vague. Everyone says the board should oversee risk, but the hard part is deciding which committee actually owns what. ISSA International is trying to make that concrete with a June 2 webinar called “Board Committees 101,” organized through its Board of Directors Special Interest Group and featuring Carlin Dornbusch and JC Vega. The point is simple — if boards are being asked to oversee cyber, audit, compliance, and disclosure, they need a cleaner map of the boardroom first. (issa.org) ### What exactly did ISSA schedule? ISSA listed “Board Committees 101” for June 2, 2026, from 1:00 to 2:00 p.m. EDT. Carlin Dornbusch is the moderator, and JC Vega is the named speaker on the event page. The webinar sits inside ISSA’s events system rather than as a vague social post, which matters because it gives the session a real date, structure, and named leadership. (issa.org) ### What is the session(issa.org)ct. This is a session about how boards build supporting committees and what those committees are supposed to do. It specifically calls out audit, governance, risk, compliance, and digital or cyber committees — basically the places where cyber oversight gets split up, duplicated, or dropped. (brighttalk.com) ### Why is that(issa.org) clear until you try to assign it. In one company, the audit committee gets cyber because it already handles controls and disclosure. In another, the risk committee owns it. In another, the full board keeps it because management thinks cyber is too cross-functional to isolate. The catch is that messy ownership creates messy reporting — and messy reporting is exactly what b(brighttalk.com)design has become a live governance question, not just an org-chart detail. (ciso2ciso.com) ### Why is ISSA doing this through a board SIG? ISSA’s Board of Directors SIG exists to build a community around board-level cyber governance, best practices, regulations, and technology. Its stated goal is to help qualified technical experts serve on boards and improve how organizations respond to systemic risk. JC Vega’s role fits that mission — he is listed both as the webinar speaker and as vice chair of the ISSA Board of Directors SIG. (members.issa.org) ### Why does JC Vega matter here? Vega is not being presented as a generic conference speaker. ISSA describes him as a former CISO, CIO, and cybersecurity executive, plus the first Cyber Operations Colonel in the U.S. Army and a co-founder of the Army Cyber Institute. More relevant for this topic, ISSA says he now advises boards on digital risk, resilience, and cybersecurity governance. So the webinar angle is less “here’s a theory of c(members.issa.org)tees should work.” (issa.org) ### Why does this land now? Because the SEC’s cyber-disclosure rules turned board oversight from a soft expectation into a recurring disclosure item. Public companies now have to describe their processes for managing cyber risk, management’s role, and the board’s oversight of cyber risk in annual reports. They also have to disclose material cyber incidents on Form 8-K within four business days after deciding the incident is material. That doesn’t tell boards how t(issa.org) the cost of being fuzzy. (sec.gov) ### So what’s the practical takeaway? This webinar matters because it tackles the boring part that usually breaks first — committee plumbing. Boards do not fail cyber oversight only because they lack expertise. They also fail because information arrives in the wrong room, on the wrong cadence, in the wrong format. A session on committee design sounds dry, but basically it is about whether the board can make sense of cyber risk before the 8-K clock starts. (brighttalk.com) ### Bottom line? ISSA is betting that board cyber governance now needs operating instructions, not slogans. “Board Committees 101” is a small event, but it points at a bigger shift — cybersecurity oversight is becoming a board architecture problem as much as a security problem. (issa.org)