Talking to the Board about Cybersecurity

A chief financial officer shares five winning strategies for an effective board-level conversation about right-sizing risk.

As enterprises have become increasingly reliant on technology for every aspect of operations, technical executives such as CIOs and CISOs have found themselves in a completely new operations center: the boardroom. This move from the security operations center can present a significant challenge. Board members are often not well-versed in technology or security best practices, let alone jargon. At the same time, CISOs often lack the business experience to speak in terms that the board can understand, defaulting to technical discussions that the board can't parse.


This breakdown in communication can have a cascade effect. Board members might fail to fully understand the security risks posed by a certain initiative. Or, with the growing number of costly and embarrassing security breaches, they might overemphasize caution and risk mitigation at the expense of implementing important technical advancements.


As a long-time executive in the technology industry, I've spent my fair share of time in boardrooms. I know how boards view risk, and how to effectively communicate about it. Below are five top CISO strategies for an effective board-level conversation about right-sizing risk.


Strategy 1: Manage the "Fear Factor"

Headline-grabbing breaches can draw a lot of attention from business stakeholders and board members who want to avoid finding themselves in similar circumstances. But not all breaches are created equal. Some breaches, like those due to misconfigured cloud services or ransomware attacks, are incredibly common. Others, such as those involving service provider employee malfeasance, attract a lot of attention but are vanishingly rare.


For CISOs, managing the fear factor is the first step toward successful interactions with the board. It's important to come prepared to address concerns around the ..
