How can security leaders more effectively communicate risks to the business and board?



CEO in Services (non-Government), 2 - 10 employees
It’s an exercise in influence. First, identify the top priorities set by the business and specific points where better security enables or poor security blocks meeting these goals. Security is only 1 of many types of risks that businesses and boards face, and they must all be considered in the context of reaching critical company goals. You may never be able to convince them to care about security risks for the same reasons you do; instead, align security with their existing motivations. They don’t need to join the band in order to play your song.
2
Director of Engineering in Energy and Utilities, 10,001+ employees
Finance is probably the best way to communicate risks to business and board. Real-life examples will go a long way in communicating these risks.
1
CIO / Managing Partner in Manufacturing, 2 - 10 employees
Should make sure that cybersecurity is a standing board agenda item.
1
CIO in Software, 51 - 200 employees
Security must be on the agenda of every team in the organization, whether it is building security, data security, infrastructure security, or people security. How to influence it? CISOs should bring awareness to their peers, people up and down the hierarchy, knowledge center, policy enablement and separation of duties between teams and within teams. A continuous periodic exercise of security reevaluation is a must in the organization.
2
Assistant Director IT Auditor in Education, 10,001+ employees
Tell them in simple terms what can happen to the business if risk exposure is realized and the organization's ability to meet its financial and strategic goals. Sometimes the worst-case scenario, like ransomware infection on the organization's computer systems and data. Risk is a very tricky thing to address because there are so many that can affect an organization. Depending on your business, you may need a separate group/department to manage and address it. A key partner should be the internal audit department.
1
