Saved by Chad Hudson
Home / Resources / ISACA Journal / Issues / 2020 / Volume 3 / Communicating Technology Risk to Nontechnical People
“So when a CISO or anybody comes into a board room and says, ‘if we don’t do this, this is going to happen,’ it makes them all feel anxious and they start to close down their thought processes around it.”
bacohido • Best Practices Q&A: Guidance About What Directors Need to Hear From CISOs — From a Board Member
Scenarios are powerful. Clear, well-written scenarios should be a first-class skill for security professionals and a core part of how security teams work together. Taking the time with others to be clear about the scenario you’re concerned about is a matter of keeping everyone moving toward the same goal.
Ryan McGeehan • Beyond Controls: The Power of Risk Scenarios
Mostly, they seek out vulnerabilities, detect attacks, and eliminate compromises. Of course, the size of the attack surface and the sheer volume of vulnerabilities, attacks, and compromises means organizations must make tough choices; not everything gets fixed, stopped, recovered, and so forth. There will need to be some form of acceptable (tolerab...
Stuart McClure • How to Measure Anything in Cybersecurity Risk
ISACA Risk IT Framework