Best Practices Q&A: Guidance About What Directors Need to Hear From CISOs — From a Board Member
bacohidolastwatchdog.com
Saved by Chad Hudson
Don’t waste your executive leadership team’s time. They usually want to know if you need them to act, so don’t be shy—include a call to action. In my experience, you will be more successful if you have built a trusted relationship and keep cybersecurity simple and understandable for them.
I had a client whose maturity scores didn’t improve over a 3-year period. If data was all that was presented, this could easily be interpreted as a failure of progress. But when they focused the narrative around the successful integration of the multiple acquisitions they had over the past few years, the focus shifted to the successful expansion of ...
Get your business units to pull help from security and not have security keep pushing improvements on them. The main thing is for the CEO to not just provide support and resources for the CISO but to actually change the dynamic by regularly expecting each business line executive or functional leader to be able to articulate at some appropriate leve ...
CFOs understand risk and tradeoffs well, so present your security plan in that light. Rank your risk areas and clearly (in a non-jargon way) explain the impact of the risk area on the company, the coverage, and how the investment will help mitigate the risk.