Information security has been the "elephant in the room" of the boardroom for a long time, but it now features more prominently in board conversations because of increased awareness of cybersecurity hazards and threats. As a result, boards have become increasingly demanding of the chief information security officer (CISO) and of management teams.
However, CISOs must be prepared to shift the board's focus from technical issues to organizational issues and considerations. In the past, cybersecurity topics were viewed as technical in nature and often not relevant to the board's discussions. Time constraints in board meetings also make it difficult to cover all the technical detail that effective oversight would require. Consequently, the board often did not understand the information presented by management or by the CISO. In fact, according to a study by Gulf Dynamics, a percentage of respondents reported that they did not understand the cybersecurity information provided to them by their business.
The CISO must be able to present risk information to the board in a way that is straightforward and accessible, without the usual "geekspeak" that characterizes cybersecurity discussions. To do this, the CISO needs to develop a clear risk communication methodology that can be used throughout the organization. The FAIR model, for example, is a valuable tool in this regard because it communicates risk in quantifiable terms such as loss event frequency (how often a loss is expected to occur) and loss magnitude (how much each occurrence is expected to cost), which can be combined into an annualized loss figure the board can weigh against other business risks.
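The following is an added example, not code from the original page or from the FAIR standard itself, of how a FAIR-style estimate can be turned into the kind of numbers a board understands. It takes an analyst's estimate of loss event frequency (a min / most-likely / max range) and loss magnitude (a 90% confidence interval for the cost of one event), runs a Monte Carlo simulation over many hypothetical years, and reports the annualized loss expectancy plus the 90th and 95th percentile years and the probability of exceeding a chosen threshold. The scenario figures, the distribution choices (triangular for frequency, Poisson for event count, lognormal for magnitude) and every function name are assumptions made for this illustration.

```python
import math
import random
import statistics

# Constructed illustrative inputs (an assumption for this example, not data
# from the page): a ransomware scenario the analyst estimates as
#   loss event frequency (LEF): 0.1 to 1.0 loss events per year, most likely 0.3
#   loss magnitude (LM): 90% confidence that one event costs $50k to $2M
SCENARIO = {
    "lef_min": 0.1, "lef_likely": 0.3, "lef_max": 1.0,
    "lm_low_90": 50_000.0, "lm_high_90": 2_000_000.0,
}


def lognormal_params(low_90, high_90):
    """Convert a 90% confidence interval [low, high] for a single loss into the
    (mu, sigma) of a lognormal distribution. 90% of a normal distribution lies
    within +/-1.645 standard deviations of its mean, so on the log scale
    sigma = ln(high/low) / (2 * 1.645) and mu is the midpoint."""
    if not (0 < low_90 <= high_90):
        raise ValueError("need 0 < low_90 <= high_90")
    mu = (math.log(low_90) + math.log(high_90)) / 2.0
    sigma = (math.log(high_90) - math.log(low_90)) / (2.0 * 1.645)
    return mu, sigma


def poisson(rng, lam):
    """Number of loss events in one year given an expected rate `lam`
    (Knuth's algorithm, adequate for the small rates typical of FAIR work)."""
    if lam <= 0:
        return 0
    limit = math.exp(-lam)
    k, p = 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k


def simulate_annual_loss(scenario, years=10_000, seed=1):
    """Monte Carlo over `years` simulated years. Each year draws an LEF from the
    triangular (min, most likely, max) estimate, a Poisson event count from
    that LEF, and a lognormal loss for each event. Returns the annual losses."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    mu, sigma = lognormal_params(scenario["lm_low_90"], scenario["lm_high_90"])
    annual = []
    for _ in range(years):
        lef = rng.triangular(scenario["lef_min"], scenario["lef_max"],
                             scenario["lef_likely"])
        events = poisson(rng, lef)
        annual.append(sum(rng.lognormvariate(mu, sigma) for _ in range(events)))
    return annual


def percentile(values, q):
    """q-th percentile (0..100) of `values` by nearest rank on a sorted copy."""
    ordered = sorted(values)
    idx = max(0, min(len(ordered) - 1, math.ceil(q / 100.0 * len(ordered)) - 1))
    return ordered[idx]


def summarize(annual, threshold):
    """Board-facing figures: the annualized loss expectancy (mean annual loss),
    the 90th and 95th percentile years, and the chance that a single year's
    loss exceeds `threshold` (e.g. the cyber insurance deductible)."""
    return {
        "annualized_loss_expectancy": statistics.fmean(annual),
        "p90": percentile(annual, 90),
        "p95": percentile(annual, 95),
        "prob_exceed_threshold": sum(1 for x in annual if x > threshold) / len(annual),
    }


if __name__ == "__main__":
    losses = simulate_annual_loss(SCENARIO)
    for name, value in summarize(losses, threshold=1_000_000).items():
        print(f"{name:>28}: {value:,.2f}")
```

The point of reporting percentiles alongside the mean is that the mean alone hides the tail: a board that sees only the annualized loss expectancy may underfund a control whose value lies in trimming the rare, very expensive year. Replacing the constructed ranges with calibrated estimates from incident data and subject-matter experts is what turns this from a demonstration into a FAIR analysis.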
Moreover, the CISO must be able to demonstrate that cybersecurity is a business issue and that it should be considered in light of its effect on revenue. For example, the CISO should be able to explain how a ransomware attack such as the one experienced by Lansing BWL in 2016 can result in lost productivity and a decline in customer trust, which could ultimately cost the company significant amounts of money.