Crucial Questions From CEOs and Boards

The risk-based approach to cybersecurity is thus ultimately interactive—a dynamic tool to support strategic decision making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implem

I saw a few tweets about this article tongue in cheek saying "time to update your threat model" - but how many actually do that? Who is at work this week creating a document that illustrates how a data breach of their external council could lead to their own data loss event? I'd guess it is a very small number of folks. I'm making the cas

Both Easterly and Zhora stress the importance of communicating cyber risks in a language that resonates with business decision-makers. This enables informed decision-making when allocating resources to cybersecurity initiatives. By aligning cybersecurity efforts with business goals, organizations can view cybersecurity not merely as a constraint, b

This means demonstrating the financial, operational, and reputational benefits of investing in cybersecurity, making the case for cybersecurity as an integral part of your company's risk management strategy.

I had a client whose maturity scores didn’t improve over a 3-year period. If data was all that was presented this could easily be interpreted as a failure of progress. But when they focused the narrative around the successful integration of the multiple acquisitions they had over the past few years, the focus shifted to the successful expansion of