Which cybersecurity program metrics are you presenting to your respective boards? What are the hot topics of interest for 2025?

Security Strategy & RoadmapBoard Engagement
813 viewscircle icon4 Comments
Sort by:
CISO in Software7 months ago

Insider risks and DLP effectiveness is the hot new topic in 2025 for Boards.

2 Replies
no title7 months ago

What metrics do you use to show effectiveness of insider risk mitigation?

no title7 months ago

I would love to see some examples that organizations are using

Lightbulb on1
Director of Information Security in Healthcare and Biotech7 months ago

Typical Cyber Metrics are phishing clicks, incidents, security awareness trainings and of course key risks. 

Content you might like

Do you accept payments in crypto currency?

Yes, we do today.10%

No, but we plan to in the next 6 months.34%

No, but we plan to further in the future.10%

No, and we have no plans to.44%

View Results

Have you considered implementing passwordless authentication flows?

Yes, we currently provide passwordless authentication31%

No, but we plan to implement passwordless in 202137%

No, but we plan to implement passwordless in the long-term23%

No, and we don't plan to implement passwordless8%

View Results

Disesdi Susanna Cox outlines 3 critical threats:
1. Non-deterministic decisions – same prompt, different actions (e.g., unintended transfers).
2. Cascading failures – multi-step tasks = more attack surface.
3. Emergent behavior – guardrails can’t cover infinite edge cases; focus on blast radius and recovery.

3 Controls to Implement Now: 
• Map agent workflows to attack tactics (MITRE ATLAS)
• Weekly prompt-injection tests (OWASP + CSA)
• Least-privilege, expiring agent tokens (NIST AI RMF + CSA MAESTRO)

Which control or framework gives you the biggest headache, and how are you tackling it?

Full analysis: https://disesdi.substack.com/p/openai-just-dropped-their-agentic

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments