Boardroom details security is the “elephant inside the room” for some time, but is actually more prominent in boardroom conversations due to increased awareness of cybersecurity hazards and dangers. As a result, the board has become increasingly demanding on the chief info security officer (CISO) and management teams.
However , CISOs must be prepared for the challenge of switching the board’s focus from technical to organizational problems and factors. In the past, cybersecurity topics were viewed as technical in nature and often not really relevant to the board’s discussions. Time constraints in board gatherings also produce it difficult to cover all the nuances that are necessary for effective oversight. Consequently, the board typically did not be familiar with information offered by management or by the CISO. In fact , according https://greatboardroom.com/recommendations-on-being-a-better-nonprofit-board-member/ to a survey by Bay Dynamics, 70 percent of participants reported that they did not be familiar with cyber reliability information furnished to all of them by their business.
The CISO must be in a position to present risk facts to the mother board in a way that is not hard to understand and accessible, without the usual “geekspeak” that characterizes cybersecurity conversations. To do this, the CISO ought to develop a clear risk communication methodology you can use throughout the organization. The FAIR model, for example , is known as a valuable tool in this regard since it helps to evidently communicate risk using quantifiable categories just like loss event frequency and loss value.
Moreover, the CISO has to be able to illustrate that cybersecurity is a organization issue which it should be deemed because of the influence on revenue. For example , the CISO should be able to make clear how a ransomware attack just like that experienced by Lansing BWL in 2016 can result in lost productivity and a decline in customer trust, which could ultimately cost the company significant amounts of00 money.