Now That Security Leaders Have Been Invited Into the Boardroom, What Do They Say?

This means demonstrating the financial, operational, and reputational benefits of investing in cybersecurity, making the case for cybersecurity as an integral part of your company's risk management strategy.

The risk-based approach to cybersecurity is thus ultimately interactive—a dynamic tool to support strategic decision making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implem

It is important to clearly communicate to the target audience which items on the list are threats, assets and controls (however weak they may be). Executives must understand how the combination of these categories of things can be manipulated to cause harm to the enterprise.