Back to Blog

How to engage with the C-Suite on cyber risk management: Part One

October 30, 2017

By: Sikur

shark

By: Christopher J Hodson MSc, M.Inst.ISP, CISSP

27/10/2017

CISOs need to meet board members where they “live” – meaning they need to be talking about the same objectives if the metrics are to make sense.

Enron changed the world of finance and the energy industry forever, and the early days of the Equifax hack look as though this breach could change the face of the credit industry and cybersecurity forever. That a single company could amass so much financial information on an individual and be as poorly defended as it was just emphasizes the importance of communicating security and risk effectively to your Board of Directors.

As an infosec director, I’m often asked about the biggest challenges faced by CISOs. Again, and again, one key issue surfaces: the need for CISOs to deliver meaningful metrics to their Board of Directors. Boards that are not comprised of security professionals are increasingly funding new cybersecurity programs and initiatives without understanding what information they want or need. They call for metrics, and the CISO is left wondering which metrics to present that will mean something to the board.

To understand which metrics CISOs should deliver, CISOs need repeatable processes and an understanding of risk management. CISOs need to meet board members where they “live” — meaning they need to be talking about the same objectives if the metrics are to make sense.

MORE: https://www.peerlyst.com/posts/how-to-engage-with-the-c-suite-on-cyber-risk-management-part-one-christopher-j-hodson-m-inst-isp-cissp

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.