Board-Ready Slides for Cybersecurity and Technology Risk
It's critical that CISOs, IT security and risk management leaders supply board-relevant and business-aligned content that is not hampered by overly technical references. Gartner has developed a framework for effective board presentations on the current status of cybersecurity and technology risk.
- Board-level reporting for cybersecurity and technology risk is becoming commonplace; however, CISOs, IT security and risk management leaders are often not very good at it.
- Most board members do not understand technology, and the inability of CISOs, IT security and risk management leaders to understand the viewpoints of individual board members sometimes holds them back from presenting effectively to the board.
Gartner recommends that CISOs, IT security and risk management leaders do the following:
- Minimize fear, uncertainty and doubt, while focusing on the twin goals of business execution and organizational readiness to deal with threats.
- Balance the need to protect the organization against the requirements for operating the business.
- Place everything in a business context that is relevant to board-level decisions, while avoiding issues that are relevant only to IT personnel and IT decision making.
- Finish by asking the board to engage board members in the process.