Best Practices Q&A: Guidance About What Directors Need to Hear From CISOs — From a Board Member

To improve decision making at this level, the metrics provided by the security team must be risk based and framed in a way that aligns with business drivers.

Unable or unwilling to calibrate for important factors like communication, structure, and bias, we remain vulnerable to threats.

To achieve cyber resilience, it is crucial for organizations to align their cybersecurity priorities with their overarching business objectives. Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), emphasizes the need for security leaders to frame risks in relatable business terms and provide metrics that demons

How should modern CISO’s prepare for the inevitable breach?

Practice. Do not just practice with the technical team, make the case for full practice and participation by the CEO, Legal, Public Relations, and all the other usual suspects on the leadership team. You do not want to be in the position of figuring out roles and responsibilities during a l