What is your biggest concern when communicating risk?

1.7k views2 Upvotes3 Comments

CISO, 10,001+ employees
We are trying to get into a conversation about how we quantify risk. We've done all this stuff and we think it's all the right things, but in speaking with executive leadership and the CIOs, they say, "Well, how do we know if it's good enough? How do we know if what we've done is good?" There's all kinds of benchmarking data you can find to say, okay, against this single thing, how do I compare to others? But how do you really look across your entire landscape and all the different security practices and controls you have in place? How do you assess security operations versus all the projects you're doing, to try and put together a set of measurements, to really understand and be able to articulate at an executive level where you have prevented and controlled risk, where you've got your residual risk, and where you still have your unknown.
Senior VP & CIO, 1,001 - 5,000 employees
With Boards there are always similar lines of questions regarding round, how do we know and how do you know we're doing all the right things? I also worked alongside the risk teams at prior companies, especially being a leader of IT or having a large component of the technology platforms we viewed and focused on the industry specific risks.  The question always is "How do you balance the risk against your business objectives? How do you ensure that you're managing that to the best of our ability or within the funding portfolio of the company?"
Chief Information Officer in Manufacturing, 10,001+ employees
One of the biggest concerns when communicating risk is the audiences ability to comprehend the significance of the risk and ramifications if a budget is not properly defined to mitigate those risks. Most C-Level Senior Executives don't want to know or understand the risk, they just want to make sure you don't allow it to happen. Good or bad, they expect you to manage the risk and they don't want to hear about the negative effects from it.

Content you might like

Understanding customer requirements21%

Communication with other stakeholders56%

Visibility of workflow13%

Agile development practices8%


1.9k views1 Comment

Community User in Software, 11 - 50 employees

organized a virtual escape room via https://www.puzzlebreak.us/ - even though his team lost it was a fun subtitue for just a "virtual happy hour"
Read More Comments
8.8k views26 Upvotes59 Comments

Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
Read More Comments
72k views71 Upvotes41 Comments