How to Deliver Information Security to the Boardroom

Board members need to be aware of the cyber-security risks facing their company to ensure they steer the organisation in the right direction. However, this isn’t always easy.

Cybersecurity has been a domain controlled by technologists in remote server rooms. After massive security breaches such as Equifax and Colonial Pipeline, however, it’s becoming evident that cyber risk is a real and present business risk that impacts every aspect of an organization.

In the process, boards are demanding more from their security teams and CISOs. Whether it’s spending more on new technology or making sure that staff receive proper training, board members need an understanding of how a properly trained security team can defend against the most sophisticated threats. This message must be presented in a way that is easily understood by non-technical boardroom executives.

A great way to accomplish this is to align security with business goals and use real-time metrics. You can give the board the information it needs to make informed decisions by providing regular reports that show the development of security measures, a decreasing risk index and other important metrics. Tell a compelling story instead of just passing along numbers. By sharing a real-life story of how the quick actions of your team averted an enormous threat, you show your board that they are protected and that their efforts are making an impact.
