Dealing with the C-Suite and Board – Presenting ROI, Justifying Value and Taking RisksIn this Security Edge panel, industry thought leaders reveal how security leaders can understand the Board's appetite for risk and how they should address the four layers of cyber security perspectives to justify value.
Much of a security leader’s job is spent in stakeholder management, managing up and down the organisation.
More often than not, it includes C-level and board-level presentations. Too often, this is just to confirm “Are we safe? Are we compliant?”
The risk of this is the Board, and CFO may think it is somewhere where the investment can stop.
A modern leader needs the business and soft skills to own the room, the ability to position cyber as an investment, and in today’s market the skill to secure the space to experiment, fail fast, test and learn.
- Board understand cyber security priorities in terms of risk, strategy, and culture
- There is an onus on the CISO to educate the board and understand the board’s risk appetite
- There are four layers of cyber security perspectives: cyber controls, regulatory compliance, commercial approaches to cyber security, and ethical risk
- CISOs should partner with CIOs to communicate effectively with the board and create a cohesive end-to-end strategy