Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
Best Practices Q&A: Guidance About What Directors Need to Hear From CISOs — From a Board Member
bacohido • lastwatchdog.com
When you've created this kind of culture, management expectations are rooted in reality, where everyone considers their effect on the organization's security posture, and CISOs aren't faced with surprises, resistance, and friction that make them want to quit. If you advocate with the clarity that most cannot find in cybersecurity, you will achieve ...
Dark Reading • Rethinking Cybersecurity's Structure & the Role of the Modern CISO
What does a security leader want from a security program?
• The Board must meet regularly with the security leader formally and informally. Security programs are extremely nuanced, and board members (maybe not all of them, but at least the head of whatever sub-committee oversees technology and information risk) must take the time for confidential an ...
Helen Patton • Cybersecurity Outcomes: What Do We Really Want?
CFOs understand risk and tradeoffs well, so present your security plan in that light. Rank your risk areas and clearly (in a non-jargon way) explain the impact of the risk area on the company, the coverage, and how the investment will help mitigate the risk.
Cloud Security Alliance • Communicating Cybersecurity ROI to Your CFO
Now, let's think about this example in terms of cybersecurity. Your organization uses the NIST cybersecurity framework as a scoreboard to say, here's where we are in terms of our cyber maturity score. We think the attackers are currently ahead of us, and we need to increase our maturity on these three important items before the end of the year. And if w ...
CISO Tradecraft • 131 - Framing Executive Discussions
- Boards must focus on risk, reputation, and business continuity.