While few corporate executives and boards of directors would dispute the importance of cybersecurity, some may feel ill-prepared to begin the process of managing these risks given the myriad technical and non-technical elements of the issue. The goal of this document is to address this gap by providing corporate leaders a practical framework for addressing the people, process and technology elements of the cybersecurity challenge.