What is your biggest concern when communicating risk?

People & LeadershipGovernance, Risk & ComplianceRisk Management+1 more
1.7k views2 Upvotes3 Comments
CISO, 10,001+ employees
We are trying to get into a conversation about how we quantify risk. We've done all this stuff and we think it's all the right things, but in speaking with executive leadership and the CIOs, they say, "Well, how do we know if it's good enough? How do we know if what we've done is good?" There's all kinds of benchmarking data you can find to say, okay, against this single thing, how do I compare to others? But how do you really look across your entire landscape and all the different security practices and controls you have in place? How do you assess security operations versus all the projects you're doing, to try and put together a set of measurements, to really understand and be able to articulate at an executive level where you have prevented and controlled risk, where you've got your residual risk, and where you still have your unknown.
1
Senior VP & CIO, 1,001 - 5,000 employees
With Boards there are always similar lines of questions regarding round, how do we know and how do you know we're doing all the right things? I also worked alongside the risk teams at prior companies, especially being a leader of IT or having a large component of the technology platforms we viewed and focused on the industry specific risks.  The question always is "How do you balance the risk against your business objectives? How do you ensure that you're managing that to the best of our ability or within the funding portfolio of the company?"
1
Chief Information Officer in Manufacturing, 10,001+ employees
One of the biggest concerns when communicating risk is the audiences ability to comprehend the significance of the risk and ramifications if a budget is not properly defined to mitigate those risks. Most C-Level Senior Executives don't want to know or understand the risk, they just want to make sure you don't allow it to happen. Good or bad, they expect you to manage the risk and they don't want to hear about the negative effects from it.
1

Content you might like

What does Infrastructure and Operations (I&O) currently struggle with the most at your organization?

Business RelationshipsInfrastructureOperations Management

Understanding customer requirements21%

Communication with other stakeholders56%

Visibility of workflow13%

Agile development practices8%


483 PARTICIPANTS
1.9k views1 Comment

Should Operational Technology (OT) cybersecurity controls (like NIST) be required by law, or remain as recommendations to businesses?

Strategy & ArchitectureGovernance, Risk & ComplianceSecurity & GRC

Control required by law.67%

Business recommendations.32%


553 PARTICIPANTS
1.9k views1 Upvote5 Comments

What are some ideas to keep up team morale remotely? Are there specific or structured adjustments you've made to counteract burnout/keep up productivity and mental health?

People & LeadershipProcess ManagementTeam & Organizational Design+9 more
Community User in Software, 11 - 50 employees

organized a virtual escape room via https://www.puzzlebreak.us/ - even though his team lost it was a fun subtitue for just a "virtual happy hour"
10
Read More Comments
8.8k views26 Upvotes59 Comments

What is the best work travel advice you’ve ever been given?

FeedbackPeople & Leadership
Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
19 5 Replies
Read More Comments
72k views71 Upvotes41 Comments

How do you keep a team motivated in absence of leadership?

People & Leadership
Read More Comments
34k views28 Upvotes14 Comments