Major organizations IIA (Institute of Internal Auditors) and ISACA (Information Systems Audit and Control Association) have come together to create a report titled Cybersecurity: What the Board of Directors needs to Ask that attempts to summarize what board members need to know in approaching this very technical subject, based on five principles.
Read more here:
https://www.linkedin.com/pulse/article/20141124200129-3845108-what-the-board-needs-to-know-about-the-cyber-threat?_mSplash=1